[squid-users] HTTPS request times out going through Squid proxy

Aniruddha Gore agnrie at hotmail.com
Mon May 10 07:52:48 UTC 2021 

Any help I could use? :) The gist is: I have squid running on machine A, and an app on machine B. The app sets proxy (A's ip address and squid port #) when making HTTP requests but the requests are failing.

Aniruddha Gore
Sent from Outlook.com<http://www.microsoft.com/en-us/outlook-com/compare/>
________________________________
From: squid-users <squid-users-bounces at lists.squid-cache.org> on behalf of Aniruddha Gore <agnrie at hotmail.com>
Sent: Friday, May 7, 2021 10:57 AM
To: squid-users at lists.squid-cache.org <squid-users at lists.squid-cache.org>
Subject: Re: [squid-users] HTTPS request times out going through Squid proxy

I spoke too soon, so embarrassed 馃檨

When I run Squid on the same machine where my application is running it works fine, but when I run Squid with the same exact default config on a different machine it doesn't. I supply other machine's IP address and port (3128) on command line to my app, and it simply takes it and sets web proxy property on CPPRest SDK's http_config object.

The access.log file has many lines like the following:
1620409014.520  42289 <ip adress> TAG_NONE/500 0 CONNECT <uri>:443 - HIER_DIRECT/13.107.246.70 -

When capturing network calls via Wireshark (on this other machine where Squid is running), the CONNECT call succeeds but the following TCP call seems to fail with a RESET status (Wireshark is highlighting it in Yellow). Here's the frame if I am doing it right:

Frame 317: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{5DF77CC1-9630-47C0-883C-EB71B3CB5012}, id 0
    Interface id: 0 (\Device\NPF_{5DF77CC1-9630-47C0-883C-EB71B3CB5012})
    Encapsulation type: Ethernet (1)
    Arrival Time: May  7, 2021 10:36:16.229675000 Pacific Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1620408976.229675000 seconds
    [Time delta from previous captured frame: 0.009061000 seconds]
    [Time delta from previous displayed frame: 3.998702000 seconds]
    [Time since reference or first frame: 8.098563000 seconds]
    Frame Number: 317
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: TCP RST]
    [Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: IntelCor_5a:b3:e2 (c8:09:a8:5a:b3:e2), Dst: IntelCor_4e:5e:85 (34:02:86:4e:5e:85)
Internet Protocol Version 4, Src: 192.168.1.13, Dst: 192.168.1.10
Transmission Control Protocol, Src Port: 5526, Dst Port: 3128, Seq: 112, Ack: 1, Len: 0
    Source Port: 5526
    Destination Port: 3128
    [Stream index: 7]
    [TCP Segment Len: 0]
    Sequence Number: 112    (relative sequence number)
    Sequence Number (raw): 3926084777
    [Next Sequence Number: 112    (relative sequence number)]
    Acknowledgment Number: 1    (relative ack number)
    Acknowledgment number (raw): 363949443
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x014 (RST, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .1.. = Reset: Set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: 路路路路路路路A路R路路]
    Window: 0
    [Calculated window size: 0]
    [Window size scaling factor: 256]
    Checksum: 0x50b9 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]

________________________________
From: squid-users <squid-users-bounces at lists.squid-cache.org> on behalf of Aniruddha Gore <agnrie at hotmail.com>
Sent: Friday, May 7, 2021 2:14 AM
To: squid-users at lists.squid-cache.org <squid-users at lists.squid-cache.org>
Subject: Re: [squid-users] HTTPS request times out going through Squid proxy

Matus, thanks a ton for your responses. I removed https_port and things started working again. Unfortunately, I am not sure what I was doing wrong before adding https_port. Well, it works now 馃檪

________________________________
From: squid-users <squid-users-bounces at lists.squid-cache.org> on behalf of Matus UHLAR - fantomas <uhlar at fantomas.sk>
Sent: Friday, May 7, 2021 12:16 AM
To: squid-users at lists.squid-cache.org <squid-users at lists.squid-cache.org>
Subject: Re: [squid-users] HTTPS request times out going through Squid proxy

On 07.05.21 06:52, Aniruddha Gore wrote:
>Thanks Matus for responding 馃檪

no need for private copy, mailing list is enough.

>Following is what the relevant line in squid.conf:
>
># Squid normally listens to port 3128
>http_port 3128
>
>I suspect you might be pointing out that there is no https_port configured.

no. https_port is used for reverse proxying, not for forward proxying of
HTTPS requests.

> While I was adding https_port, I noticed no process is listening on port
> 3128 (doesn't appear in output of netstat -aon on Windows).  So now the
> calls are failing with "WinHttpSendRequest: 12029: A connection with the
> server could not be established" 馃槙

>have you set up your squid host:port as HTTP proxy in the application?
- means: have you set up the applictaion to use HTTP proxy?

>Can you see anything in squid logs?
- what is in squid logs?


>From: squid-users <squid-users-bounces at lists.squid-cache.org> on behalf of Matus UHLAR - fantomas <uhlar at fantomas.sk>

>On 06.05.21 01:06, Aniruddha Gore wrote:
>> Pinging back hoping to get some help.  I suspect I am missing something
>> very basic and would really appreciate if someone could point me in the
>> right direction.  :)

>I haven't seen your packet trace but so far it shouldn't be needed.
>
>> Context I have an application running on a machine (A) that does not have
>> internet connectivity.  It, however, can talk to another machine (B) which
>> has full connectivity.  The application makes HTTPS calls.  I am hoping to
>> set-up Squid on B and set-up web proxy (ip address and port) when making
>> HTTPS calls in the app.
>
>
>> I have installed Squid for
>> Windows<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsquid.diladele.com%2F&data=04%7C01%7C%7C4d7fbe73b6a54cb719d908d911281327%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637559686103881002%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=hWCJM%2F3qqUc8Bz1%2BXup9cuVgJuX1ebIOi0i0tEBCUHU%3D&reserved=0<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsquid.diladele.com%2F&data=04%7C01%7C%7C5b9f4ed3b2034204fc8208d911818b94%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637560070374693084%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=UsLb7lFoSjmXaeuRWeOar6dLcrYnzg7wu9SdnOen9q0%3D&reserved=0>>
>> on B with default squid config.
>>
>>
>> Problem HTTPS requests are timing out.
>>
>>
>> I am new to proxy so don't know lot of ways to investigate further.  This
>> is what Wireshark captured running on B.  Unfortunately, I am unable to
>> gather any actionable info from this, it just confirms that calls do make
>> it to B and then something wrong happens.


--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&data=04%7C01%7C%7C4d7fbe73b6a54cb719d908d911281327%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637559686103881002%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=qC21DM3hdaq8G7RL31UzChySvc4zp47nTDEZKyRLzvg%3D&reserved=0<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&data=04%7C01%7C%7C5b9f4ed3b2034204fc8208d911818b94%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637560070374703036%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=gD8S69S7YlhWJa%2Bp2e320Kp0F8wla3NAYA%2F5p5LKCys%3D&reserved=0>
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=04%7C01%7C%7C4d7fbe73b6a54cb719d908d911281327%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637559686103881002%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=aiHtVTBCRrd2X4OMofMnANin%2BXJa%2FkCTraf3VHa3ou0%3D&reserved=0<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=04%7C01%7C%7C5b9f4ed3b2034204fc8208d911818b94%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637560070374703036%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=c%2BDCZc7oj9eYa8O02xog9xX7Tf376EjKq9a8Pg%2Btmow%3D&reserved=0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210510/859a1c69/attachment-0001.htm>

More information about the squid-users mailing list