[squid-users] no response from the proxy squid parent

yannick.rousseau at tutanota.com yannick.rousseau at tutanota.com
Sat Jun 27 15:09:26 UTC 2020


Hi, 
I've noticed one more difference between the CONNECT packets (it appears in the HTTP layer):

--> client's firefox configured with the ip and port of the parent proxy (172.16.103.254:3128), surf on the Net ok:

Frame 58: 255 bytes on wire (2040 bits), 255 bytes captured (2040 bits) on interface eth1, id 0
Ethernet II, Src: D-LinkIn_79:24:ed (ac:f1:df:79:24:ed), Dst: VMware_92:8a:f2 (00:0c:29:92:8a:f2)
Internet Protocol Version 4, Src: 172.16.103.101, Dst: 172.16.103.254
Transmission Control Protocol, Src Port: 35604, Dst Port: 3128, Seq: 1, Ack: 1, Len: 201
Hypertext Transfer Protocol
    CONNECT www.google.com:443 HTTP/1.1\r\n
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\r\n
    Proxy-Connection: keep-alive\r\n
    Connection: keep-alive\r\n
    Host: www.google.com:443\r\n
    \r\n
    [Full request URI: www.google.com:443]
    [HTTP request 1/1]
    [Response in frame: 62]


--> client's firefox configured to use system proxy settings (can't surf on the Net):

Frame 620: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits) on interface eth1, id 0
Ethernet II, Src: D-LinkIn_79:24:ed (ac:f1:df:79:24:ed), Dst: VMware_92:8a:f2 (00:0c:29:92:8a:f2)
Internet Protocol Version 4, Src: 172.16.103.101, Dst: 172.16.103.254
Transmission Control Protocol, Src Port: 35528, Dst Port: 3128, Seq: 1, Ack: 1, Len: 241
Hypertext Transfer Protocol
    CONNECT www.google.com:443 HTTP/1.1\r\n
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\r\n
    Host: www.google.com:443\r\n
    Via: 1.1 tjener.intern (squid/4.6)\r\n
    X-Forwarded-For: 10.0.2.2\r\n      -> request field introduced by squid
    Cache-Control: max-age=259200\r\n  -> if the cache is removed from the config, is it still there?
    \r\n
    [Full request URI: www.google.com:443]
    [HTTP request 1/1]
    [Response in frame: 624]


Remarks: tjener.intern is my server with squid (172.16.103.101) and 172.16.103.254:3128 is the parent.
10.0.2.2 is the IP of the client.

If you have any idea to help me to fix this ....

Thanks for your answer.

Yannick


Jun 26, 2020, 07:11 by squid3 at treenet.co.nz:

> On 24/06/20 7:27 am, yannick.rousseau at tutanota.com wrote:
>
>> Hi, 
>>
>> I'm using squid (4.6) on my server (debianedu buster LTSP), and I'm
>> trying to configure a parent proxy.
>>
>> At first, when I configure the client's firefox (manual proxy
>> configuration) with the ip and port of the parent proxy, it's ok, I can
>> surf on the internet. 
>>
>> But I would like to configure my server's Squid Proxy to forward to a
>> parent proxy (172.16.103.254:3128)
>> -> So I add these two lines at the end of squid.conf:
>> cache_peer 172.16.103.254 parent 3128 0 no-query no-digest
>> never_direct allow all
>>
>> -> And restart squid. It seems to be ok:
>> # cat /var/log/squid/cache.log
>> (.....)
>> 2020/06/23 09:51:12 kid1| Configuring Parent 172.16.103.254/3128/0
>> (....)
>>
>> -> Then I configure firefox to use system proxy settings, but when I try
>> to google something or visit debian-fr.org, it doesn't work (no response
>> from the proxy).
>>
>
> That is odd. The log shows a 403 response being delivered by the parent
> proxy and delivered to Firefox.
>
> Browsers refuse to display proxy responses on CONNECT requests. So the
> first is expected. But the second one using http:// should be shown.
>
>
>> But my squid's configuration seems to be ok:
>> # cat /var/log/squid/access.log
>> (....)
>> 1592921221.753    138 10.0.2.2 TCP_TUNNEL/403 361
>> CONNECT www.google.com:443 -
>> FIRSTUP_PARENT/172.16.103.254 -
>> 1592921275.641    521 10.0.2.2 TCP_MISS/403 4289
>> GET http://www.debian-fr.org/ - FIRSTUP_PARENT/172.16.103.254 text/html
>> 1592921275.692      0 10.0.2.2 TCP_HIT/200 13072 GET
>> (...)
>>
>> Is it possible that the squid parent refuse to have "a child" ?
>>
>
> Maybe. You will need to know the parent proxy configuration to tell
> that. All that is visible from the detail you have shown is that parent
> proxy has forbidden the requests it is receiving.
>
>
> Amos

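The header comparison done by hand in this message, as an added example (not code from the poster or from the Squid project): it rebuilds both CONNECT requests from the dissections above as constructed sample input and lists which headers the child Squid added or removed before the request reached the parent. The names `parse_request` and `diff_requests` are this example's own.

```python
"""Diff the headers of two captured proxy requests (added example)."""

# Constructed sample input: both CONNECT requests rebuilt from the Wireshark
# dissections in the message above (TCP payload lengths 201 and 241 bytes).
UA = b"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
DIRECT = (b"CONNECT www.google.com:443 HTTP/1.1\r\n"
          b"User-Agent: " + UA + b"\r\n"
          b"Proxy-Connection: keep-alive\r\n"
          b"Connection: keep-alive\r\n"
          b"Host: www.google.com:443\r\n\r\n")
VIA_CHILD = (b"CONNECT www.google.com:443 HTTP/1.1\r\n"
             b"User-Agent: " + UA + b"\r\n"
             b"Host: www.google.com:443\r\n"
             b"Via: 1.1 tjener.intern (squid/4.6)\r\n"
             b"X-Forwarded-For: 10.0.2.2\r\n"
             b"Cache-Control: max-age=259200\r\n\r\n")


def parse_request(raw: bytes):
    """Return (request_line, {lowercased-name: value}) for one request head."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head (no terminating blank line)")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key, value = name.lower(), value.strip()  # names are case-insensitive
        # A repeated header is folded into one comma-separated value.
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return lines[0], headers


def diff_requests(before: bytes, after: bytes):
    """Report what an intermediary changed between two copies of a request."""
    line_a, a = parse_request(before)
    line_b, b = parse_request(after)
    return {
        "request_line_changed": line_a != line_b,
        "added": {k: b[k] for k in sorted(b.keys() - a.keys())},
        "removed": {k: a[k] for k in sorted(a.keys() - b.keys())},
        "changed": {k: (a[k], b[k])
                    for k in sorted(a.keys() & b.keys()) if a[k] != b[k]},
    }


if __name__ == "__main__":
    for section, items in diff_requests(DIRECT, VIA_CHILD).items():
        print(f"{section}: {items}")
```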