[squid-users] error:transaction-end-before-headers

Eric F. squid at loel.fr
Wed Aug 26 11:52:37 UTC 2020 

Hi,

I use squid 4.12 with LDAP (Active Directory).
All works great except sometimes I have the following errors in my 
access.log file :

1598438527.315      0 192.168.0.50 NONE/000 0 NONE 
error:transaction-end-before-headers - HIER_NONE/- -

How can i correct that ? Any suggestions ?

Below my squid.conf file :

   --8<--

acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8             # RFC 1918 local private network 
(LAN)
acl localnet src 100.64.0.0/10          # RFC 6598 shared address space 
(CGN)
acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly 
plugged) machines
acl localnet src 172.16.0.0/12          # RFC 1918 local private network 
(LAN)
acl localnet src 192.168.0.0/16         # RFC 1918 local private network 
(LAN)
acl localnet src fc00::/7               # RFC 4193 local private network 
range
acl localnet src fe80::/10              # RFC 4291 link-local (directly 
plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT


http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager

acl bad_urls urlpath_regex -i "/etc/squid/bad_urls"
acl bad_domains dstdomain "/etc/squid/bad_domains"

http_access deny bad_urls
http_access deny bad_domains

auth_param basic program /usr/local/libexec/squid/basic_ldap_auth -P -R 
-b dc=lab,dc=local -D cn=squid,cn=users,dc=lab,dc=local -w squid -f 
"(&(objectClass=person)(sAMAccountName=%s))" -v 3 192.168.0.7:389

acl ldap-auth proxy_auth REQUIRED
http_access allow ldap-auth

http_access allow localnet
http_access allow localhost

http_access deny all

http_port 3128

coredump_dir /var/squid/cache

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

cache_mgr informatique at lab.local

   -->8--

Thank you very much !

Cheers,

Eric F.

More information about the squid-users mailing list