[squid-users] reverse proxy and HTTP redirects

Vieri Di Paola vieridipaola at gmail.com
Wed Dec 4 07:42:46 UTC 2019 

On Wed, Dec 4, 2019 at 6:15 AM Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
> I'm trying to see for myself if this is actually normal/OK - since I
> don't know how familiar you are with HTTP accel mode syntax.
>
> The requests in particular are most interesting, though what responses
> are paired with each is also potentially important.

Hope it fits here. Otherwise, I'll pastebin it in another e-mail.

Here's the whole shebang:

2019/12/03 14:52:25.964 kid1| 11,2| client_side.cc(2372)
parseHttpRequest: HTTP Client local=10.215.145.81:50443
remote=10.215.144.48:54243 FD 12 flags=1
2019/12/03 14:52:25.964 kid1| 11,2| client_side.cc(2373)
parseHttpRequest: HTTP Client REQUEST:
---------
POST /whatever/j_spring_security_check HTTP/1.1
Host: intranet.mydomain.org:50443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0)
Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.8,es-ES;q=0.6,es;q=0.4,ca;q=0.2
Accept-Encoding: gzip, deflate, br
Referer: https://intranet.mydomain.org:50443/whatever/security/login
Content-Type: application/x-www-form-urlencoded
Content-Length: 48
Cookie: JSESSIONID=pveHPU4LMS7YcbpaFwAADdL3
Connection: keep-alive
Upgrade-Insecure-Requests: 1

redirect=&username=myuser&password=mypassword
----------
2019/12/03 14:52:25.964 kid1| 11,2| http.cc(2229) sendRequest: HTTP
Server local=10.215.248.91:49470 remote=10.215.248.40:8080 FD 17
flags=1
2019/12/03 14:52:25.964 kid1| 11,2| http.cc(2230) sendRequest: HTTP
Server REQUEST:
---------
POST /whatever/j_spring_security_check HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0)
Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.8,es-ES;q=0.6,es;q=0.4,ca;q=0.2
Accept-Encoding: gzip, deflate, br
Referer: https://intranet.mydomain.org:50443/whatever/security/login
Content-Type: application/x-www-form-urlencoded
Content-Length: 48
Cookie: JSESSIONID=pveHPU4LMS7YcbpaFwAADdL3
Upgrade-Insecure-Requests: 1
Host: intranet.mydomain.org:50443
Via: 1.1 rev_whatever (squid)
Surrogate-Capability: inf-fw2="Surrogate/1.0"
X-Forwarded-For: 10.215.144.48
Cache-Control: max-age=259200
Connection: keep-alive


----------
2019/12/03 14:52:26.509 kid1| ctx: enter level  0:
'https://intranet.mydomain.org:50443/whatever/j_spring_security_check'
2019/12/03 14:52:26.509 kid1| 11,2| http.cc(719) processReplyHeader:
HTTP Server local=10.215.248.91:49470 remote=10.215.248.40:8080 FD 17
flags=1
2019/12/03 14:52:26.509 kid1| 11,2| http.cc(720) processReplyHeader:
HTTP Server REPLY:
---------
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Set-Cookie: JSESSIONID=DQS7FWuX-JxNHXMZE+BHeQ2H; Path=/whatever
Location: http://intranet.mydomain.org:50443/whatever/security/afterLogin
Content-Length: 0
Date: Tue, 03 Dec 2019 13:52:25 GMT


----------
2019/12/03 14:52:26.509 kid1| ctx: exit level  0
2019/12/03 14:52:26.509 kid1| 11,2| client_side.cc(1409)
sendStartOfMessage: HTTP Client local=10.215.145.81:50443
remote=10.215.144.48:54243 FD 12 flags=1
2019/12/03 14:52:26.509 kid1| 11,2| client_side.cc(1410)
sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Set-Cookie: JSESSIONID=DQS7FWuX-JxNHXMZE+BHeQ2H; Path=/whatever
Location: http://intranet.mydomain.org:50443/whatever/security/afterLogin
Content-Length: 0
Date: Tue, 03 Dec 2019 13:52:25 GMT
X-Cache: MISS from inf-fw2
X-Cache-Lookup: MISS from inf-fw2:50443
Via: 1.1 rev_whatever (squid)
Connection: keep-alive


----------

> >
> > 2019/12/03 14:52:26.509 kid1| 11,2| http.cc(720) processReplyHeader:
> > HTTP Server REPLY:
> > ---------
> > HTTP/1.1 302 Moved Temporarily
> ...
> > Location: http://whatever.org:50443/whatever/security/afterLogin
>
> That is a very good sign. The server is using the Squid listening port
> in its generated URLs.

Yes, the port is fine. It's the protocol that's http instead of https.

Vieri

More information about the squid-users mailing list