[squid-users] missing response body with https requests

Mateusz Łoś los.mateusz at gmail.com
Thu Dec 9 13:18:02 UTC 2021 

Hello Everyone,

I have a squid running as a caching proxy. Some users of proxy noticed that in their java applications they are getting improper response from squid.
While connecting to https site through parent proxy we can see 407 response with Content-Length header but with empty body content which causes applications to fail as they are trying to read that body

lHttpAsyncClient [exchange: 71] connection aborted||The problematic lines are:|...|Consume content|-1 bytes read

with squid 5 I can see missing body in logs

2021/10/26 07:17:32.684 kid1| 11,2| src/clients/HttpTunneler.cc(324) handleResponse: Tunnel Server RESPONSE:
---------
<HTML><HEAD>

<TITLE>Access Denied</TITLE>

<STYLE TYPE="text/css">

	TABLE.DETAILS TD{

	  font-family: Helvetica;

	  font-size: 9pt;

	}

</STYLE>

</HEAD>

<BODY>

<FONT face="Helvetica">

<big><strong></strong></big><BR>

</FON----------
2021/10/26 07:17:32.684 kid1| TCP connection to <parent_proxy_ip>/8080 failed
    current master transaction: master95
2021/10/26 07:17:32.684 kid1| Detected DEAD Parent: <parent_proxy_ip>
    current master transaction: master95

Parent proxy configuration:
cache_peer myparentproxy_ipaddress parent 8080 0 no-query no-digest no-netdb-exchange login=PASSTHRU

While connecting through parent proxy directly there is no issue and response can be parsed properly.

I was unable to find configuration options to change this, while connecting to http site there is no such issue and body is being send properly with 407 answer.

root at testvm:~# curl -x 192.168.3.19:3128 https://webhook.site -Lv
*   Trying 192.168.3.19:3128...
* TCP_NODELAY set
* Connected to 192.168.3.19 (192.168.3.19) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to webhook.site:443
> CONNECT webhook.site:443 HTTP/1.1
> Host: webhook.site:443
> User-Agent: curl/7.68.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: BASIC realm="LDAP"
< Cache-Control: no-cache
< Pragma: no-cache
< X-XSS-Protection: 1
< Content-Type: text/html; charset=utf-8
< Proxy-Connection: close
< Connection: close
< Content-Length: 1590
<
* Ignore 1590 bytes of response-body
* Proxy CONNECT connection closed
* Closing connection 9
* Hostname 192.168.3.19 was found in DNS cache
*   Trying 192.168.3.19:3128...
* TCP_NODELAY set
* Connected to 192.168.3.19 (192.168.3.19) port 3128 (#10)
* allocate connect buffer!
* Establish HTTP proxy tunnel to webhook.site:443
> CONNECT webhook.site:443 HTTP/1.1
> Host: webhook.site:443
> User-Agent: curl/7.68.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 500 Internal Server Error
< Server: squid/5.2-VCS
< Mime-Version: 1.0
< Date: Tue, 26 Oct 2021 07:17:32 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 3814
< X-Squid-Error: ERR_CANNOT_FORWARD 0
< Content-Language: en
<
* Received HTTP code 500 from proxy after CONNECT
* CONNECT phase completed!
* Closing connection 10
curl: (56) Received HTTP code 500 from proxy after CONNECT

root at testvm:~# curl -x 192.168.3.19:3128 http://webhook.site -Lv
*   Trying 192.168.3.19:3128...
* TCP_NODELAY set
* Connected to 192.168.3.19 (192.168.3.19) port 3128 (#0)
> GET http://webhook.site/ HTTP/1.1
> Host: webhook.site
> User-Agent: curl/7.68.0
> Accept: */*
> Proxy-Connection: Keep-Alive
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: BASIC realm="LDAP"
< Cache-Control: no-cache
< Pragma: no-cache
< X-XSS-Protection: 1
< Content-Type: text/html; charset=utf-8
< Set-Cookie: BCSI-CS-53409a6e5b6816df=2; Path=/
< Content-Length: 1582
< Date: Tue, 26 Oct 2021 07:17:01 GMT
< X-Cache: MISS from testvm
< Via: 1.1 testvm (squid/5.2-VCS)
< Connection: keep-alive
<
<HTML><HEAD>

<TITLE>Access Denied</TITLE>

<STYLE TYPE="text/css">




Is there anything that can be done on configuration level to make it work?


Regards,
Mateusz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20211209/202c4df1/attachment-0001.htm>

More information about the squid-users mailing list