[squid-users] failing https requests

Adam Weremczuk adamw at matrixscience.com
Mon Apr 27 14:03:24 UTC 2020


Thanks Amos for the hint.

Tcpdump in source reveals the following:

HTTP/1.1 400 Bad Request
Server: squid/3.5.27
Mime-Version: 1.0
Date: Mon, 27 Apr 2020 13:34:47 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 4000
X-Squid-Error: ERR_INVALID_REQ 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from PROXY
X-Cache-Lookup: NONE from PROXY:3128
Via: 1.1 PROXY (squid/3.5.27)
Connection: close

It also produces:

Some possible problems are:
- Missing or unknown request method.
- Missing URL.
- Missing HTTP Identifier (HTTP/1.0).
- Request is too large.
- Content-Length missing for POST or PUT requests.
- Illegal character in hostname; underscores are not allowed.
- HTTP/1.1 feature is being asked from an HTTP/1.0 software.

Can I determine which of the above is actually causing failures?

Increasing debug level to 9 in squid config hasn't resulted in any more 
info being logged :(

Cheers,
Adam

On 24/04/2020 16:57, Amos Jeffries wrote:
> On 25/04/20 3:46 am, Adam Weremczuk wrote:
>> Hi all,
>>
>> I run squid-3.5.27_3 on pfSense 2.4.4 as well as in house Sugar CRM server.
>>
>> Recently Sugar license validation and updates checks made to
>> https://updates.sugarcrm.com/heartbeat/soap.php started failing (no
>> changes made at our end).
>>
>> In squid logs requests only produce 2 lines:
>>
>> 1587737506.670      0 192.168.5.30 TAG_NONE/400 4360 NONE
>> error:invalid-request - HIER_NONE/- text/html
>> 1587737506.978    301 192.168.5.30 TCP_MISS/301 464 POST
>> http://updates.sugarcrm.com/heartbeat/soap.php -
>> HIER_DIRECT/54.177.58.238 text/html
>>
>> It looks like client error followed by a redirection to http.
>>
>> Direct requests (no web proxy) as well as telnet, wget and curl work fine.
>>
>> Could somebody explain what exactly the errors mean and why the requests
>> fail?
>>
> It means the client delivered some bytes which do not in any way conform
> to HTTP request syntax. Not even similar.
>
> The best thing to do is to get a full-packet capture and investigate
> with wireshark what is going on.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users


More information about the squid-users mailing list