From yngcho at nwcdcloud.cn Thu Jun 5 08:04:09 2025
From: yngcho at nwcdcloud.cn (Yang, Chao)
Date: Thu, 5 Jun 2025 08:04:09 +0000
Subject: [squid-dev] [Issue Report] Squid forward request to 0.0.0.0/8
Message-ID: <9f2ee826cd454f898e2dcb7042173bf3@nwcdcloud.cn>

Dear Squid Support Team,

Hope you are doing well. I have met a strange issue and hope you could give some suggestions.

Background:

I am using squid as a proxy to register my SUSE EC2 Instance in AWS. I installed squid in Amazon Linux 2023 and just modified the /etc/squid/squid.conf file, changing "http_access deny all" to "http_access allow all". After that, I set the environment in the SUSE Instance (172.31.45.49 is the Squid instance):

    env | grep proxy
    https_proxy=http://172.31.45.49:3128
    http_proxy=http://172.31.45.49:3128
    no_proxy=169.254.169.254

When I tried to register the SUSE instance with the command "registercloudguest --force-new", I got the following error (/var/log/cloudregister):

===================================================================================================================
2025-06-05 05:23:34,418 ERROR: Registration failed: Registering system to registration proxy https://smt-ec2.susecloud.net
Updating system details on https://smt-ec2.susecloud.net ...
Activating sle-module-web-scripting 15.5 x86_64 ...
-> Adding service to system ...
command '/usr/bin/zypper --non-interactive refs Web_and_Scripting_Module_x86_64' failed
Error: zypper returned 1 with 'Unexpected exception.
Unknown error reading from 'plugin:/susecloud?credentials=Web_and_Scripting_Module_x86_64&path=/services/2494'
History:
 - Not ready to read within timeout.
Please file a bug report about this.
See http://en.opensuse.org/Zypper/Troubleshooting for instructions.'
(exit status 1)
===================================================================================================================

Action taken:

I found there are lots of strange log entries when I register SUSE, as below (/var/log/squid/access.log):

===================================================================================================================
1749103351.951 3 172.31.47.207 TCP_DENIED/403 3804 CONNECT 0.0.10.40:1 - HIER_NONE/- text/html
1749103366.975 4 172.31.47.207 TCP_DENIED/403 3802 CONNECT 0.0.9.96:7 - HIER_NONE/- text/html
1749103375.466 59932 172.31.47.207 TCP_TUNNEL/503 0 CONNECT 0.0.9.102:443 - HIER_DIRECT/0.0.9.102 -
===================================================================================================================

After I edited the config file (/etc/squid/squid.conf) and added the following:

    acl invalid_dst dst 0.0.0.0/8
    http_access deny invalid_dst

I could register SUSE without any error.

When I access Amazon S3 using the squid instance, there is no strange IP in the access log.

I checked /etc/hosts and there is no information about "0.0.0.0/8".

Action Required:

Do you know why squid forwards requests to 0.0.0.0/8?

Thank you!

Best Regards
Yang Chao

From squid3 at treenet.co.nz Thu Jun 5 10:49:03 2025
From: squid3 at treenet.co.nz (Amos Jeffries)
Date: Thu, 5 Jun 2025 22:49:03 +1200
Subject: [squid-dev] [Issue Report] Squid forward request to 0.0.0.0/8
In-Reply-To: <9f2ee826cd454f898e2dcb7042173bf3@nwcdcloud.cn>
References: <9f2ee826cd454f898e2dcb7042173bf3@nwcdcloud.cn>
Message-ID:

On 5/06/25 20:04, Yang, Chao wrote:
>
> I found there are lots of strange log entries when I register SUSE, as
> below (/var/log/squid/access.log):
>
> ===================================================================================================================
>
> 1749103351.951 3 172.31.47.207 TCP_DENIED/403 3804 CONNECT 0.0.10.40:1 - HIER_NONE/- text/html
>

Squid received the HTTP request "CONNECT 0.0.10.40:1".

The port 1 is forbidden by SSL_ports, so Squid sent a 403 Denied response.

> 1749103366.975 4 172.31.47.207 TCP_DENIED/403 3802 CONNECT 0.0.9.96:7 - HIER_NONE/- text/html
>

Squid received the HTTP request "CONNECT 0.0.9.96:7".

The port 7 is forbidden by SSL_ports, so Squid sent a 403 Denied response.

> 1749103375.466 59932 172.31.47.207 TCP_TUNNEL/503 0 CONNECT 0.0.9.102:443 - HIER_DIRECT/0.0.9.102 -
>

Squid received the HTTP request "CONNECT 0.0.9.102:443".

The port 443 is valid for HTTPS, so Squid opened a tunnel to that server (successfully).

The connection closed after 59.9 seconds, with no data sent to the client.

> ===================================================================================================================
>
> After I edited the config file (/etc/squid/squid.conf) and added the following:
>
>     acl invalid_dst dst 0.0.0.0/8
>
>     http_access deny invalid_dst
>
> I could register SUSE without any error.

The error is something inside the SUSE zypper or the plugin it is using to access their cloud services. Whoever coded it did not expect that IP address range to work in "public" Internet.

Squid is just trying to do what it is told to do. It looks to me like it is working.

>
> When I access Amazon S3 using the squid instance, there is no strange IP
> in the access log.
>

That being an entirely different company and/or web service. One can expect them to be different.

> I checked /etc/hosts and there is no information about "0.0.0.0/8".
>

Those IPs are being sent to Squid directly by the "registercloudguest" software.

Why is a different question and should be taken up with the SUSE people or whoever wrote the zypper plugin that tool is using.

> *Action Required:*
>
> Do you know why squid forwards requests to 0.0.0.0/8?
>

As you have discovered, that range is used by Cloud services. Typically for internal messaging. In some of the environments Squid operates it is treated as equivalent to a LAN range for VMs.

Cheers
Amos
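
Added example, not part of either message and not Squid project code: a small Python check that reads access.log lines in the native format shown in the thread and reports CONNECT requests whose target is a literal address in 0.0.0.0/8, along with whether Squid denied them or opened a tunnel. The function names are hypothetical and the sample input is the three log lines quoted above.

```python
import ipaddress

# The range discussed in the thread; the same one the poster's
# invalid_dst ACL denies.
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")

# The three access.log lines quoted in the thread (Squid native log format).
SAMPLE_LOG = """\
1749103351.951 3 172.31.47.207 TCP_DENIED/403 3804 CONNECT 0.0.10.40:1 - HIER_NONE/- text/html
1749103366.975 4 172.31.47.207 TCP_DENIED/403 3802 CONNECT 0.0.9.96:7 - HIER_NONE/- text/html
1749103375.466 59932 172.31.47.207 TCP_TUNNEL/503 0 CONNECT 0.0.9.102:443 - HIER_DIRECT/0.0.9.102 -
"""

def parse_line(line):
    """Split one native-format line into the fields this check needs."""
    f = line.split()
    if len(f) < 10:
        return None  # not a complete native-format record
    result = f[3].partition("/")[0]   # e.g. TCP_DENIED from TCP_DENIED/403
    hier = f[8].partition("/")[0]     # e.g. HIER_DIRECT from HIER_DIRECT/0.0.9.102
    return {"client": f[2], "result": result, "method": f[5],
            "target": f[6], "hier": hier}

def connect_destination(target):
    """Return (ip, port) for a CONNECT target given as a literal IP, else None."""
    host, _, port = target.rpartition(":")
    try:
        return ipaddress.ip_address(host.strip("[]")), int(port)
    except ValueError:
        return None  # hostname target or malformed port; out of scope here

def find_this_network_connects(log_text):
    """List (client, dest_ip, port, result, forwarded) for CONNECTs into 0.0.0.0/8."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "CONNECT":
            continue
        dest = connect_destination(rec["target"])
        if dest is None or dest[0] not in THIS_NETWORK:
            continue
        # HIER_NONE means Squid answered itself (here: 403) and contacted no server.
        forwarded = rec["hier"] != "HIER_NONE"
        findings.append((rec["client"], str(dest[0]), dest[1], rec["result"], forwarded))
    return findings

if __name__ == "__main__":
    for finding in find_this_network_connects(SAMPLE_LOG):
        print(finding)
```

On the sample, only the port 443 request is reported as forwarded, matching the explanation in the reply; the other two were refused by Squid before any outbound connection.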