[squid-users] Squidcllient making request
Amos Jeffries
squid3 at treenet.co.nz
Wed Mar 2 09:22:46 UTC 2016
On 2/03/2016 6:05 p.m., John Pearson wrote:
> Hi,
>
> I have squid installed on a machine with two NICs.
> eth0 - wan
> eth1 - lan - 10.0.1.1
>
> Squid server is running on eth1.
> I am trying to use the squidclient to fetch a url so that squid will cache
> it. Like prefetching.
>
> Example:
>
> squidclient -v -h 10.0.1.1 -p 3128 -m GET http://www.apple.com
>
Problem #1;
you are missing a '/' on the end of the URL. That type of URL is not
valid in HTTP/1.0. It has only recently become acceptible in HTTP/1.1,
so not all services support it.
> Result
> -----------
> Request:
> GET http://www.apple.com HTTP/1.0
> Host: www.apple.com
> User-Agent: squidclient/3.5.9
> Accept: */*
> Connection: close
>
> .
>
> --------------------
>
> The cursor just blinks below the dot (after "Connection:close". Hard to
> see) and nothing happens. I have to manually exit.
>
> When I exit, squid log shows A LOT of these lines:
>
> 10.0.1.1 TCP_MISS_ABORTED/000 0 GET http://www.apple.com - ORIGINAL_DST/
> 10.0.1.1 -
Problem #2;
you are sending the request to an intercept port without having gone
through the NAT system.
If you left it to run, your machine would eventually crash as all
networking sockets and resources were consumed by the forwarding loop.
squidclient needs to use a forward-proxy port to connect to Squid.
Usually that is 3128, which is the port registered for Squid
forward-proxy ctraffic.
Recommended practice is to leave port 3128 for proxy administrative
access and tools like squidclient. Movine the intercept port to another
random number and firewall it (in iptables with mangle tables rule) to
prevent anything except NAT'd traffic reaching that random port.
Amos
More information about the squid-users
mailing list