<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">(forgot to reply all)</div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">Hi alex,</div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br>I did a new capture like you said, since there's only a few http messages in gonna post them here:<br><br>Squid 5.2:<br>dump -i ens224 -nn port 80 -s0 -w squid52output<br><br>POST /webserver/index.php HTTP/1.1<br>Accept-Encoding: deflate, gzip<br>Cookie: tickets[InDesign]=9ce90349BDxzBw6TeaGM1sYvG6dDlABl0NqbswO9; tickets[]=716c37c9qD4eeMFPHZvbfAa8S7VMmLh3Skkgrb31; AWSELB=0D3B27870CA3C45CF463C76E69DC284A499EFD0DF6EE047B11D31BB6D9B01943D41E6D72FB8A97227A031F20EAAC9364FE0968EA5AAEE1102734343F2F0133CD3A0C6A4A0C<br>Accept: */*<br>SOAPAction: "urn:#SaveObjects"<br>Content-Type: multipart/form-data; boundary=----------------7d123<br>Content-Length: 4277021<br>Expect: 100-continue<br>Host: webserverhost<br>Via: 1.1 squid5.2host (squid/5.2)<br>X-Forwarded-For: 172.19.222.132<br>Cache-Control: max-age=259200<br>Connection: keep-alive<br><br>HTTP/1.1 100 Continue<br><br>HTTP/1.1 503 Service Unavailable.<br>Content-length:0<br><br>POST /webserver/index.php HTTP/1.1<br>Accept-Encoding: deflate, gzip<br>Cookie: tickets[InDesign]=9ce90349BDxzBw6TeaGM1sYvG6dDlABl0NqbswO9; tickets[]=716c37c9qD4eeMFPHZvbfAa8S7VMmLh3Skkgrb31; AWSELB=0D3B27870CA3C45CF463C76E69DC284A499EFD0DF6EE047B11D31BB6D9B01943D41E6D72FB8A97227A031F20EAAC9364FE0968EA5AAEE1102734343F2F0133CD3A0C6A4A0C<br>Accept: */*<br>SOAPAction: "urn:#GetDialog"<br>Content-Type: multipart/form-data; boundary=----------------7d123<br>Content-Length: 1120<br>Expect: 100-continue<br>Host: webserverhost<br>Via: 1.1 squid5.2host (squid/5.2)<br>X-Forwarded-For: 172.19.222.132<br>Cache-Control: max-age=259200<br>Connection: keep-alive<br><br>HTTP/1.1 100 Continue<br><br>------<br>Squid 4.15:<br><br>dump -i ens224 -nn port 80 -s0 -w squid4.15output<br><br>POST /webserver/index.php HTTP/1.1<br>Accept-Encoding: deflate, gzip<br>Cookie: tickets[InDesign]=1ae95903t3jY2HDSgfvoEsfpsibbkf9mlNZ4eDjA; tickets[]=716c37c9qD4eeMFPHZvbfAa8S7VMmLh3Skkgrb31; AWSELB=0D3B27870CA3C45CF463C76E69DC284A499EFD0DF6EE047B11D31BB6D9B01943D41E6D72FB8A97227A031F20EAAC9364FE0968EA5AAEE1102734343F2F0133CD3A0C6A4A0C<br>Accept: */*<br>SOAPAction: "urn:#SaveObjects"<br>Content-Type: multipart/form-data; boundary=----------------7d123<br>Content-Length: 4272865<br>Expect: 100-continue<br>Host: webserverhost<br>Via: 1.1 squid4.15host (squid/4.15)<br>X-Forwarded-For: 172.19.222.132<br>Cache-Control: max-age=259200<br>Connection: keep-alive<br><br>HTTP/1.1 100 Continue<br><br>POST /webserver/index.php HTTP/1.1<br>Accept-Encoding: deflate, gzip<br>Cookie: tickets[InDesign]=1ae95903t3jY2HDSgfvoEsfpsibbkf9mlNZ4eDjA; tickets[]=716c37c9qD4eeMFPHZvbfAa8S7VMmLh3Skkgrb31; AWSELB=0D3B27870CA3C45CF463C76E69DC284A499EFD0DF6EE047B11D31BB6D9B01943D41E6D72FB8A97227A031F20EAAC9364FE0968EA5AAEE1102734343F2F0133CD3A0C6A4A0C<br>Accept: */*<br>SOAPAction: "urn:#UnlockObjects"<br>Content-Type: multipart/form-data; boundary=----------------7d123<br>Content-Length: 644<br>Host: webserverhost<br>Via: 1.1 squid4.15host (squid/4.15)<br>X-Forwarded-For: 172.19.222.132<br>Cache-Control: max-age=259200<br>Connection: keep-alive<br><br><br>HTTP/1.1 200 OK<br>Content-Type: text/xml; charset=utf-8<br>Date: Tue, 30 Aug 2022 10:52:05 GMT<br>Server: Apache/2.4.6 (CentOS) PHP/7.1.26<br>Set-Cookie: tickets[InDesign]=1ae95903t3jY2HDSgfvoEsfpsibbkf9mlNZ4eDjA; expires=Wed, 31-Aug-2022 10:52:05 GMT; Max-Age=86400; path=/webserver; HttpOnly<br>X-Powered-By: PHP/7.1.26<br>Content-Length: 266<br>Connection: keep-alive<br><br>Again thank you for you time.<br>David<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 29 Aug 2022 at 18:18, Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com">rousskov@measurement-factory.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 8/29/22 12:17, David Ferreira wrote:<br>
<br>
> I tried to capture the http trafic with the following tcpdump:<br>
> <br>
> tcpdump -i any -nn port 80|grep -i http<br>
<br>
I am not cool enough to easily grok this kind of output. Please share (a <br>
link to) the packet capture file instead (tcpdump -s0 -w filename ...).<br>
<br>
Thank you,<br>
<br>
Alex.<span class="gmail_default" style="font-family:monospace,monospace;font-size:small"></span><br>
<br>
<br>
> Notes:<br>
> - 1.2.3.4 is the webserver ip<br>
> - 10.185.23.202 is the squid machine outbound interface<br>
> <br>
> Here's the results:<br>
> <br>
> Squid 4.15(Working one):<br>
><br>
> ---<br>
> Im not that familiar with tcpdump, if there's a better way to capture <br>
> please say so, im also gonna build a squid v5 to test it out.<br>
> <br>
> Again, thanks for your time<br>
> <br>
> <br>
> On Mon, 29 Aug 2022 at 13:52, Alex Rousskov <br>
> <<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a> <br>
> <mailto:<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>>> wrote:<br>
> <br>
> On 8/29/22 06:17, David Ferreira wrote:<br>
> <br>
> > I have some squid's running on rocky linux 8 with verion 4.15,<br>
> recently<br>
> > been testing squid version 5.2(stable version that comes with<br>
> Rocky 9)to<br>
> > upgrade the current ones and most of the configs/acls seem to<br>
> work fine.<br>
> ><br>
> > Unfortualy theres an application that we use that everytime it<br>
> tries to<br>
> > upload files it fails on squid 5.2, on 4.15 is works completly<br>
> fine, so<br>
> > far ive test on squid 5.2 and 5.5 and it's the same behavior, im<br>
> testing<br>
> > this with default configurations and it always works on 4.15,<br>
> access log<br>
> > only shows this:<br>
> ><br>
> > Squid 4.15:<br>
> > 26/Aug/2022:15:36:08 +0100 273 172.19.222.132TCP_MISS/200 745<br>
> POST <a href="http://websiteurl/index.php" rel="noreferrer" target="_blank">http://websiteurl/index.php</a> <<a href="http://websiteurl/index.php" rel="noreferrer" target="_blank">http://websiteurl/index.php</a>> -<br>
> HIER_DIRECT/websitedomain text/xml<br>
> ><br>
> > Squid 5.2:<br>
> > 25/Aug/2022:15:10:00 +0100 139 172.19.222.132<br>
> TCP_MISS_ABORTED/100 0 POST <a href="http://websiteurl" rel="noreferrer" target="_blank">http://websiteurl</a> <<a href="http://websiteurl" rel="noreferrer" target="_blank">http://websiteurl</a>><br>
> HIER_DIRECT/websitedomain -<br>
> ><br>
> > anyone has an ideia of what may be happening here?, been<br>
> searching about<br>
> > http errors 100 and so far i did not find anything that points me<br>
> to the<br>
> > problem.<br>
> ><br>
> > On the application side the error it shows when it tries to<br>
> upload is:<br>
> > "<br>
> > Error storing the document on the server<br>
> > Detail HTTP error 100<br>
> > Send failure: Connection was aborted (55)<br>
> > "<br>
> <br>
> Squid v5.2 has many serious bugs. I would not use it in production.<br>
> Build the latest Squid v5 from sources if you have to.<br>
> <br>
> <br>
> If the latest Squid v5 shows the same problem then this is probably a<br>
> client application or Squid bug/misconfiguration. There were quite a<br>
> few<br>
> changes in HTTP 1xx control message handling since Squid v4, and one of<br>
> those changes is probably affecting your client. For example, either<br>
> Squid v4 does not deliver that 100 control message to the client at all<br>
> or it is delivering a slightly different 100 control message that your<br>
> client is happy with.<br>
> If you share what HTTP messages are exchanged between client and<br>
> Squid<br>
> and between Squid and the origin server, in both successful and failing<br>
> use cases, we may be able to tell you more. I would use tcpdump,<br>
> wireshark, or a similar tool to collect HTTP traffic since these are<br>
> non-TLS transactions.<br>
> <br>
> <br>
> HTH,<br>
> <br>
> Alex.<br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
> <mailto:<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>><br>
> <a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
> <<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a>><br>
> <br>
> <br>
> <br>
> -- <br>
> Com os melhores cumprimentos,<br>
> <br>
> David Ferreira<br>
<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><font face="monospace, monospace" style="background-color:rgb(238,238,238)" color="#3d85c6">Com os melhores cumprimentos,<br><br></font></div><font face="monospace, monospace" style="background-color:rgb(238,238,238)" color="#3d85c6">David Ferreira</font><br></div></div></div></div></div>