[squid-users] v4.2 url_rewrite Uri.cc line 371 bad URL parsing on SSL
squid3 at treenet.co.nz
Thu Aug 16 01:50:30 UTC 2018
On 16/08/18 11:58, David Touzeau wrote:
> I have written my own url_rewrite helper
> On SSL sites, the helper answering a redirect to a remote denied php page.
No your helper *rewrite* the URL without changing any other properties
of the request message. This can be seen clearly in the use of
"rewrite-url=" instead of "url=".
The difference is important when it comes to the type of message being
> With HTTP, no issue but on SSL there is a different behavior
> My helper return
> rewrite-url= https://192.168.1.122:443/myguard.php?rule-id=0&....
> but according to debug, the Uri.cc understand : host='https',
> port='443', path=''
> In this case, squid try to connect to an https machine name and return
> bad 503
> Did i miss something ???
Look at the input received by the helper. HTTPS uses CONNECT requests.
Those messages have authority-form URI not URLs. The above behaviour is
what happens when your helpers response is interpreted according to
You can prevent the SSL-Bump CONNECT messages being sent to the
url_rewrite_access deny CONNECT
you can try to do a proper redirect by having the helper send:
OK status=302 url=...
The latter *might* work. Depending on whether the client handles
redirection on CONNECT requests. Browsers don't support anything other
than 200 status. Other clients have a mix of behaviours so its somewhat
More information about the squid-users