<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Any help I could use? :)<span id="馃檪"> The gist is: I have squid running on machine A, and an app on machine B. The app sets proxy (A's ip address and squid port #) when making HTTP requests but the requests are failing.</span></div>
<div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div><font color="#2672ec" face="Verdana"><strong>Aniruddha Gore</strong></font><br>
<font color="#000000" face="Verdana" size="1" style="font-size:8pt">Sent from <a href="http://www.microsoft.com/en-us/outlook-com/compare/" target="_blank">
<font color="#2672ec"><font color="#2672ec">O</font><font color="#d24726">u</font><font color="#008a17">t</font><font color="#5133ab">l</font><font color="#8c0095">o</font><font color="#8c0095">o</font><font color="#ac193d">k</font><font color="#000000">.</font><font color="#008a17">c</font><font color="#e1c404">o</font></font><font color="#666666">m</font></a></font>
</div>
</div>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> squid-users <squid-users-bounces@lists.squid-cache.org> on behalf of Aniruddha Gore <agnrie@hotmail.com><br>
<b>Sent:</b> Friday, May 7, 2021 10:57 AM<br>
<b>To:</b> squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org><br>
<b>Subject:</b> Re: [squid-users] HTTPS request times out going through Squid proxy</font>
<div> </div>
</div>
<style type="text/css" style="display:none">
<!--
p
{margin-top:0;
margin-bottom:0}
-->
</style>
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
I spoke too soon, so embarrassed <span id="x_馃檨">馃檨</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span><br>
</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>When I run Squid on the same machine where my application is running it works fine, but when I run Squid with the same exact default config on a different machine it doesn't. I supply other machine's IP address and port (3128) on command line to my app,
and it simply takes it and sets web proxy property on CPPRest SDK's http_config object. </span></div>
<div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
The access.log file has many lines like the following:</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif; font-size:12pt">1620409014.520 42289
</span><span style="color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif; font-size:12pt"><ip adress></span><b style="font-size:12pt; font-style:inherit; font-variant-ligatures:inherit; font-variant-caps:inherit"> </b><span style="color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif; font-size:12pt">TAG_NONE/500
0 CONNECT <uri>:443 - HIER_DIRECT/13.107.246.70 -</span><br>
</div>
<div id="x_appendonsend"></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
When capturing network calls via Wireshark (on this other machine where Squid is running), the CONNECT call succeeds but the following TCP call seems to fail with a RESET status (Wireshark is highlighting it in Yellow). Here's the frame if I am doing it right:</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Frame 317: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{5DF77CC1-9630-47C0-883C-EB71B3CB5012}, id 0
<div> Interface id: 0 (\Device\NPF_{5DF77CC1-9630-47C0-883C-EB71B3CB5012})</div>
<div> Encapsulation type: Ethernet (1)</div>
<div> Arrival Time: May 7, 2021 10:36:16.229675000 Pacific Daylight Time</div>
<div> [Time shift for this packet: 0.000000000 seconds]</div>
<div> Epoch Time: 1620408976.229675000 seconds</div>
<div> [Time delta from previous captured frame: 0.009061000 seconds]</div>
<div> [Time delta from previous displayed frame: 3.998702000 seconds]</div>
<div> [Time since reference or first frame: 8.098563000 seconds]</div>
<div> Frame Number: 317</div>
<div> Frame Length: 54 bytes (432 bits)</div>
<div> Capture Length: 54 bytes (432 bits)</div>
<div> [Frame is marked: False]</div>
<div> [Frame is ignored: False]</div>
<div> [Protocols in frame: eth:ethertype:ip:tcp]</div>
<div> [Coloring Rule Name: TCP RST]</div>
<div> [Coloring Rule String: tcp.flags.reset eq 1]</div>
<div>Ethernet II, Src: IntelCor_5a:b3:e2 (c8:09:a8:5a:b3:e2), Dst: IntelCor_4e:5e:85 (34:02:86:4e:5e:85)</div>
<div>Internet Protocol Version 4, Src: 192.168.1.13, Dst: 192.168.1.10</div>
<div>Transmission Control Protocol, Src Port: 5526, Dst Port: 3128, Seq: 112, Ack: 1, Len: 0</div>
<div> Source Port: 5526</div>
<div> Destination Port: 3128</div>
<div> [Stream index: 7]</div>
<div> [TCP Segment Len: 0]</div>
<div> Sequence Number: 112 (relative sequence number)</div>
<div> Sequence Number (raw): 3926084777</div>
<div> [Next Sequence Number: 112 (relative sequence number)]</div>
<div> Acknowledgment Number: 1 (relative ack number)</div>
<div> Acknowledgment number (raw): 363949443</div>
<div> 0101 .... = Header Length: 20 bytes (5)</div>
<div> Flags: 0x014 (RST, ACK)</div>
<div> 000. .... .... = Reserved: Not set</div>
<div> ...0 .... .... = Nonce: Not set</div>
<div> .... 0... .... = Congestion Window Reduced (CWR): Not set</div>
<div> .... .0.. .... = ECN-Echo: Not set</div>
<div> .... ..0. .... = Urgent: Not set</div>
<div> .... ...1 .... = Acknowledgment: Set</div>
<div> .... .... 0... = Push: Not set</div>
<div> .... .... .1.. = Reset: Set</div>
<div> .... .... ..0. = Syn: Not set</div>
<div> .... .... ...0 = Fin: Not set</div>
<div> [TCP Flags: 路路路路路路路A路R路路]</div>
<div> Window: 0</div>
<div> [Calculated window size: 0]</div>
<div> [Window size scaling factor: 256]</div>
<div> Checksum: 0x50b9 [unverified]</div>
<div> [Checksum Status: Unverified]</div>
<div> Urgent Pointer: 0</div>
<span> [Timestamps]</span><br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> squid-users <squid-users-bounces@lists.squid-cache.org> on behalf of Aniruddha Gore <agnrie@hotmail.com><br>
<b>Sent:</b> Friday, May 7, 2021 2:14 AM<br>
<b>To:</b> squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org><br>
<b>Subject:</b> Re: [squid-users] HTTPS request times out going through Squid proxy</font>
<div> </div>
</div>
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Matus, thanks a ton for your responses. I removed https_port and things started working again. Unfortunately, I am not sure what I was doing wrong before adding https_port. Well, it works now
<span id="x_x_馃檪">馃檪</span></div>
<div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
</div>
<div id="x_x_appendonsend"></div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> squid-users <squid-users-bounces@lists.squid-cache.org> on behalf of Matus UHLAR - fantomas <uhlar@fantomas.sk><br>
<b>Sent:</b> Friday, May 7, 2021 12:16 AM<br>
<b>To:</b> squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org><br>
<b>Subject:</b> Re: [squid-users] HTTPS request times out going through Squid proxy</font>
<div> </div>
</div>
<div class="x_x_BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="x_x_PlainText">On 07.05.21 06:52, Aniruddha Gore wrote:<br>
>Thanks Matus for responding 馃檪<br>
<br>
no need for private copy, mailing list is enough.<br>
<br>
>Following is what the relevant line in squid.conf:<br>
><br>
># Squid normally listens to port 3128<br>
>http_port 3128<br>
><br>
>I suspect you might be pointing out that there is no https_port configured. <br>
<br>
no. https_port is used for reverse proxying, not for forward proxying of<br>
HTTPS requests.<br>
<br>
> While I was adding https_port, I noticed no process is listening on port<br>
> 3128 (doesn't appear in output of netstat -aon on Windows). So now the<br>
> calls are failing with "WinHttpSendRequest: 12029: A connection with the<br>
> server could not be established" 馃槙<br>
<br>
>have you set up your squid host:port as HTTP proxy in the application?<br>
- means: have you set up the applictaion to use HTTP proxy?<br>
<br>
>Can you see anything in squid logs?<br>
- what is in squid logs?<br>
<br>
<br>
>From: squid-users <squid-users-bounces@lists.squid-cache.org> on behalf of Matus UHLAR - fantomas <uhlar@fantomas.sk><br>
<br>
>On 06.05.21 01:06, Aniruddha Gore wrote:<br>
>> Pinging back hoping to get some help. I suspect I am missing something<br>
>> very basic and would really appreciate if someone could point me in the<br>
>> right direction. :)<br>
<br>
>I haven't seen your packet trace but so far it shouldn't be needed.<br>
><br>
>> Context I have an application running on a machine (A) that does not have<br>
>> internet connectivity. It, however, can talk to another machine (B) which<br>
>> has full connectivity. The application makes HTTPS calls. I am hoping to<br>
>> set-up Squid on B and set-up web proxy (ip address and port) when making<br>
>> HTTPS calls in the app.<br>
><br>
><br>
>> I have installed Squid for<br>
>> Windows<<a href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsquid.diladele.com%2F&data=04%7C01%7C%7C5b9f4ed3b2034204fc8208d911818b94%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637560070374693084%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=UsLb7lFoSjmXaeuRWeOar6dLcrYnzg7wu9SdnOen9q0%3D&reserved=0" originalsrc="https://squid.diladele.com/" shash="CLZ4Rq97IIInyBivJLonPbKdRJmU8AevUf8GTKAHCljW//RthwA5XJh8NawWH9FaogmsQWwbmGbZkvSfrq5bYFA+raW2k1btBS1KepJHA8erG3sNaZpL7jYc7yGDcHZi4iwuXdI7BGXFR8t/vL+7gMTc+0WG7qDl69BxbZl3xNk=" originalsrc="https://squid.diladele.com/" shash="lqIrrvipgkgYLYnUbaMq1+XZ/ncN2vGklEg6q8T/6boFvpzpRs4Ktf++SMi1SUKT4XuTmMbOHiGfYUSl+pEbQAeoNUyhhDNUpdJIQ/VZa5VVZQB3O8iICGKBnaAhVOpFnzXjo777SGHLUkdQicBSW4vYgYvwhgIj/JUwRG7OhC4=">https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsquid.diladele.com%2F&data=04%7C01%7C%7C4d7fbe73b6a54cb719d908d911281327%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637559686103881002%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=hWCJM%2F3qqUc8Bz1%2BXup9cuVgJuX1ebIOi0i0tEBCUHU%3D&reserved=0</a>><br>
>> on B with default squid config.<br>
>><br>
>><br>
>> Problem HTTPS requests are timing out.<br>
>><br>
>><br>
>> I am new to proxy so don't know lot of ways to investigate further. This<br>
>> is what Wireshark captured running on B. Unfortunately, I am unable to<br>
>> gather any actionable info from this, it just confirms that calls do make<br>
>> it to B and then something wrong happens.<br>
<br>
<br>
-- <br>
Matus UHLAR - fantomas, uhlar@fantomas.sk ; <a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&data=04%7C01%7C%7C5b9f4ed3b2034204fc8208d911818b94%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637560070374703036%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=gD8S69S7YlhWJa%2Bp2e320Kp0F8wla3NAYA%2F5p5LKCys%3D&reserved=0" originalsrc="http://www.fantomas.sk/" shash="nXclPWsBF4A9ZgeG3HOtw2TiWhg+GPP3CLBbwe6wv9NjC7YQblvYsIje0JrinHHaNZCk8+rOXkA9d0TKJrLW+cTv7Sx9rGDNY73Yap2QvnXPh8+6es5AlpTpfvAJtjlhxFIHNV0Gjtkbu7e6XRwJAi9bozMomPM6yDzOuulvCKc=" originalsrc="http://www.fantomas.sk/" shash="sLxj0kr5xLlnyv99Rrl+Cl/JGt8qwM2VHuPAz6nvrT2nZh8n4bUpNrYVRzTA76P8jn8x+J8fT+cyuFm1in1NeA+t/rjs2qJroU2zi3ZfOxq2cjvRoNubGD8+SxPT4Z3QrnzJisd1bMWlYFsGlf9B+mINai5cxlU6Md3fxsR1HGs=">
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&data=04%7C01%7C%7C4d7fbe73b6a54cb719d908d911281327%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637559686103881002%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=qC21DM3hdaq8G7RL31UzChySvc4zp47nTDEZKyRLzvg%3D&reserved=0</a><br>
Warning: I wish NOT to receive e-mail advertising to this address.<br>
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org<br>
<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=04%7C01%7C%7C5b9f4ed3b2034204fc8208d911818b94%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637560070374703036%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=c%2BDCZc7oj9eYa8O02xog9xX7Tf376EjKq9a8Pg%2Btmow%3D&reserved=0" originalsrc="http://lists.squid-cache.org/listinfo/squid-users" shash="fWVTTt/HHZVKK2QeVTdOijXC0Z2/usXh6BqlovOOIlwhoFz6DV7vJju9O2dr7Msqze8nL7ePgHrKyHaP9eKC1yTUmPb0NCkZ+yPwz+6dTtctulUC6Vo6Dgwb/1w9+XonL1eCsqRQCMdeJWOAukFaqh4Ly+iQ049Dcnjm6aD+P/I=" originalsrc="http://lists.squid-cache.org/listinfo/squid-users" shash="NeG3KtUShhaLoYiV4t/T94TyduRq2fWEYi0tF3eFa5tAjR7BRsChgI855eR9qpYVJTT4ahWI/JTKxrcAAogFTQfCwb/BLX+teZOZ6Q0VkorYhFLl1Yo4oN5IGYCohMDMkPVpqXr08NUw8eUsNt1EwG8Rhvzfj0ErZIbvnDT8RJ4=">https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=04%7C01%7C%7C4d7fbe73b6a54cb719d908d911281327%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637559686103881002%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=aiHtVTBCRrd2X4OMofMnANin%2BXJa%2FkCTraf3VHa3ou0%3D&reserved=0</a><br>
</div>
</span></font></div>
</div>
</div>
</body>
</html>