[squid-users] v4.2 url_rewrite Uri.cc line 371 bad URL parsing on SSL
David Touzeau
david at articatech.com
Wed Aug 15 23:58:10 UTC 2018
Hi,
I have written my own url_rewrite helper.
On SSL sites, the helper answers with a redirect to a remote "denied" PHP page.
With HTTP there is no issue, but on SSL the behavior is different.
My helper returns:
rewrite-url= https://192.168.1.122:443/myguard.php?rule-id=0&SquidGuardIPWeb=aHR0cDovLzE5Mi4xNjguMS4xMjI=&clientaddr=192.168.1.1&clientname=192.168.1.1&clientuser=unknown&clientgroup=default&targetgroup=P109&url=http%3A%2F%2Fwww.youporn.com
but according to the debug log, Uri.cc understands: host='https', port='443', path=''
In this case, Squid tries to connect to an "https" machine name and returns a bad 503.
2018/08/16 01:42:59.681 kid1| 84,3| Reply.cc(63) finalize: helper Result = OK
2018/08/16 01:42:59.681 kid1| 61,5| redirect.cc(83) redirectHandleReply: reply={result=OK, notes={webfiltering: block,0,P109; status: 302; rewrite-url: https://192.168.1.122:443/myguard.php?rule-id=0&SquidGuardIPWeb=aHR0cDovLzE5Mi4xNjguMS4xMjI=&clientaddr=192.168.1.1&clientname=192.168.1.1&clientuser=unknown&clientgroup=default&targetgroup=P109&url=http%3A%2F%2Fwww.youporn.com; }}
2018/08/16 01:42:59.681 kid1| 85,5| client_side_request.cc(1197) clientRedirectDone: 'www.youporn.com:443' result={result=OK, notes={webfiltering: block,0,P109; status: 302; rewrite-url: https://192.168.1.122:443/myguard.php?rule-id=0&SquidGuardIPWeb=aHR0cDovLzE5Mi4xNjguMS4xMjI=&clientaddr=192.168.1.1&clientname=192.168.1.1&clientuser=unknown&clientgroup=default&targetgroup=P109&url=http%3A%2F%2Fwww.youporn.com; }}
Here -------------------> Uri.cc did not correctly understand the returned URL.
2018/08/16 01:42:59.681 kid1| 23,3| Uri.cc(371) parse: Split URL 'https://192.168.1.122:443/myguard.php?rule-id=0&SquidGuardIPWeb=aHR0cDovLzE5Mi4xNjguMS4xMjI=&clientaddr=192.168.1.1&clientname=192.168.1.1&clientuser=unknown&clientgroup=default&targetgroup=P109&url=http%3A%2F%2Fwww.youporn.com' into proto='', host='https', port='443', path=''
2018/08/16 01:42:59.681 kid1| 24,7| SBuf.cc(212) append: from c-string to id SBuf346713
2018/08/16 01:42:59.681 kid1| 24,7| SBuf.cc(160) rawSpace: reserving 0 for SBuf346713
2018/08/16 01:42:59.681 kid1| 24,7| SBuf.cc(167) rawSpace: SBuf346713 not growing
2018/08/16 01:42:59.681 kid1| 24,6| SBuf.cc(99) assign: SBuf346714 from c-string, n=4294967295)
2018/08/16 01:42:59.682 kid1| 24,7| SBuf.cc(212) append: from c-string to id SBuf346714
2018/08/16 01:42:59.682 kid1| 24,7| SBuf.cc(160) rawSpace: reserving 0 for SBuf346714
2018/08/16 01:42:59.682 kid1| 24,7| SBuf.cc(167) rawSpace: SBuf346714 not growing
2018/08/16 01:42:59.682 kid1| 24,6| SBuf.cc(99) assign: SBuf346709 from c-string, n=4294967295)
2018/08/16 01:42:59.682 kid1| 24,7| SBuf.cc(212) append: from c-string to id SBuf346709
2018/08/16 01:42:59.682 kid1| 24,7| SBuf.cc(160) rawSpace: reserving 0 for SBuf346709
2018/08/16 01:42:59.682 kid1| 24,7| SBuf.cc(167) rawSpace: SBuf346709 not growing
Here ------------> Address.cc did not find the https machine.
2018/08/16 01:42:59.682 kid1| 14,3| Address.cc(382) lookupHostIP: Given Non-IP 'https.domain.local': Name or service not known
Did I miss something?