[squid-users] Problems with squid 3.1 to 3.3 upgrade

Fri Aug 9 13:59:37 UTC 2019

>
>
> On 8/8/19 3:29 PM, Tom Karches wrote:
>
> > I am in the process of upgrading our Squid proxy server from 3.1 (on
> > RHEL6) to 3.3 (on RHEL7).
>
> It could have been worse! For example, you could ask a question about
> upgrading Squid from v1.0 to v2.0... I will try to help, but I do not
> remember much about v3.3 specifics.
>

I realize that it's a bit old. It is the default for RHEL 7 and unless
there is a specific reason to update to the latest version, I usually stick
with the default. The current proxy is 3.1 and totally works for our
application.

>
> No, simply logging HTTP CONNECT requests does not require bumping SSL.
>
>
Great. Don't want to go down that path.

> > I used curl to test the new proxy. When I attempt to proxy an external
> > https connection, this is the result :
>
> > $ curl --proxy http://127.0.0.1:3128 https://www.google.com
> > curl: (56) Received HTTP code 503 from proxy after CONNECT
>
> Your Squid told curl that something went wrong. If you look at the
> actual response, you may know what went wrong. The same information may
> be available in Squid access.log, but the error response may have more
> details than a log record. Please share that info here if it does not
> point you to a solution.
>
> > Where should I be looking for the problem?
>
> In Squid response to curl. You can use curl tracing options or Wireshark
> to see it. Squid access.log may have some clues as well.
>
>
>
>
With this command :
$curl --trace --proxy http://127.0.0.1:3128 https://www.google.com

I get the HTML of the page, with this near the top :
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--

and then :

<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a
href="/">/</a></p>
<blockquote id="error">
<p><b>Invalid URL</b></p>
</blockquote>

and no 503 error at the end.

Getting this in access.log :
1565358617.666      0 127.0.0.1 TAG_NONE/400 3958 GET / - HIER_NONE/-
text/html

Which seems odd. So the page is being delivered, but I don't see it unless
--trace is turned on.

When I use :
curl --proxy http://127.0.0.1:3128 https://www.google.com

I get this in access.log :
1565358720.756      2 127.0.0.1 TAG_NONE/503 0 CONNECT www.google.com:443 -
HIER_NONE/- -

My http_port directive is set as such :

# Squid normally listens to port 3128
http_port 3128

This is an explicit proxy so everything should be going through 3128.

I don't feel so bad about not figuring this out sooner. There was a thread
with a similar problem on the list (though it was not helpful) where they
were still stuck at this point after a month. I've only spent a week.

Thanks,

Tom
-- 
Thomas Karches
NCSU OIT CSI - Systems Specialist
M.E Student - Technology Education
Hillsborough 319 / 919.515.5508
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190809/af69ccc6/attachment.html>