[squid-users] Squid 3.5.21 ssl bump and x-forward
FredB
fredbmail at free.fr
Thu Sep 15 08:53:27 UTC 2016
Hello,
I'm testing SSlBump and it works good, however I'm seeing something strange with two proxies and x-forwarded enabled to the first, some requests are wrote with the first proxy address.
user -> squid (fowarded_for on) -> squid (follow_x_forwarded_for allow all) -> Net
Here log from the second squids, on same server, (same result when there are separate 127.0.0.1 = IP FIRST SQUID)
10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "CONNECT www.google.fr:443 HTTP/1.0" 200 0 440 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "GET http://www.google.fr/ HTTP/1.0" 302 643 1575 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "CONNECT www.google.fr:443 HTTP/1.0" 200 0 440 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:07 +0200] "POST https://www.google.fr/gen_204?atyp=i&ct=slh&cad=&ei=EVDaV-rAOcS7adLmucAF&s=3&v=2&pv=0.19272099408438004&me=4:1473925301533,e,U&zx=1473925301536 HTTP/1.1" 204 401 1571 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET https://www.google.fr/?gws_rd=ssl HTTP/1.1" 200 61953 1387 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "POST https://www.google.fr/gen_204?atyp=i&ct=slh&cad=&ei=EVDaV-rAOcS7adLmucAF&s=4&v=2&pv=0.19272099408438004&me=5:1473925302218,e,H&zx=1473925302220 HTTP/1.1" 204 401 1571 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET https://www.google.fr/complete/search?sclient=psy-ab&site=&source=hp&q=&oq=&gs_l=&pbx=1&bav=on.2,or.r_cp.&fp=1&biw=995&bih=554&dpr=1.25&pf=p&gs_rn=64&gs_ri=psy-ab&tok=yZHeL-_L5Be_JazeSm0Mtg&cp=0&gs_id=0&xhr=t&tch=1&ech=1&psi=tVDaV7_DMsXqauCygeAF.1473925302436.1 HTTP/1.1" 200 913 1618 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET https://www.google.fr/gen_204?v=3&s=webhp&atyp=csi&ei=tVDaV7_DMsXqauCygeAF&imc=2&imn=2&imp=0&adh=&xjs=init.26.20.sb.18.p.3.jsa.1.abd.1.foot.1&ima=0&rt=xjsls.21,prt.41,iml.41,dcl.82,xjses.124,jraids.149,jraide.153,xjsee.185,xjs.185,ol.217,aft.41,wsrt.748,cst.1,dnst.0,rqst.522,rspt.533,rqstt.161,unt.143,cstt.144,dit.816 HTTP/1.1" 204 401 1616 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
10.x.x.x.x - myaccount [15/Sep/2016:09:40:08 +0200] "CONNECT plus.google.com:443 HTTP/1.0" 200 0 446 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "POST https://plus.google.com/u/0/_/n/gcosuc HTTP/1.1" 200 862 1388 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
10.x.x.x.x - myaccount [15/Sep/2016:09:40:18 +0200] "CONNECT p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-i1-v6exp3-v4.metric.gstatic.com:443 HTTP/1.0" 200 0 617 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
10.x.x.x.x - myaccount [15/Sep/2016:09:40:18 +0200] "CONNECT p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-i2-v6exp3-ds.metric.gstatic.com:443 HTTP/1.0" 200 0 617 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:18 +0200] "GET https://p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-i2-v6exp3-ds.metric.gstatic.com/v6exp3/6.gif HTTP/1.1" 200 1214 702 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:18 +0200] "GET https://p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-i1-v6exp3-v4.metric.gstatic.com/v6exp3/6.gif HTTP/1.1" 200 1214 702 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
10.x.x.x.x - myaccount [15/Sep/2016:09:40:48 +0200] "CONNECT p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-s1-v6exp3-v4.metric.gstatic.com:443 HTTP/1.0" 200 0 617 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:48 +0200] "GET https://p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-s1-v6exp3-v4.metric.gstatic.com/gen_204?ipv6exp=3&sentinel=1&v4_img_dt=270&ds_img_dt=253 HTTP/1.1" 204 1393 601 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
Fred
More information about the squid-users
mailing list