LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 08-02-2007, 03:11 AM   #1
espiya7
Member
 
Registered: Jul 2007
Posts: 33

Rep: Reputation: 15
squid proxy: Invalid request


My windows client PCs are automatically redirected by my OpenBSD firewall to my squid proxy server (so that they won't have to reconfigure their browser). However, the proxy server reports an Invalid Request. Is this even possible? If so, how can I fix this problem? Sorry for asking this question but Thanks anyway.
 
Old 08-02-2007, 03:28 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
What is the request being made? any error messages in the log files etc...? you can't actually request a webpage from the server itself. if you are doing an http 302 redirect to the squid box, then it would lose it's host header so actaully look for / on the squid server, and squid doesn't sere http content at all itself so can't understand it.

Last edited by acid_kewpie; 08-02-2007 at 03:45 AM.
 
Old 08-04-2007, 12:01 PM   #3
espiya7
Member
 
Registered: Jul 2007
Posts: 33

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie
What is the request being made? any error messages in the log files etc...? you can't actually request a webpage from the server itself. if you are doing an http 302 redirect to the squid box, then it would lose it's host header so actaully look for / on the squid server, and squid doesn't sere http content at all itself so can't understand it.
So, right from the start this wasn't possible right? Do you have any suggestions or solutions for this situation?

Gee I thought the packets would still be the same even if they were redirected.e -> me

hehe.

Thanx acid_kewpie
 
Old 08-05-2007, 02:04 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
depends what a "redirect" really means... is this an HTTP 302 or a NAT?
 
Old 08-05-2007, 06:29 AM   #5
espiya7
Member
 
Registered: Jul 2007
Posts: 33

Original Poster
Rep: Reputation: 15
a ok... i was using using the ff pf command:

rdr on xl1 inet proto tcp from { 192.168.165.0/24, !192.168.165.2 } to port 80 -> 192.168.165.2 port 3128


i really don't know if this is an http 302 redirect but i'm sure though that this is not a NAT
 
Old 08-05-2007, 10:54 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
ok, that is a nat, sorry! yes that should work fine, IF squid is correctly configured to work transparently.
 
Old 08-05-2007, 11:15 AM   #7
espiya7
Member
 
Registered: Jul 2007
Posts: 33

Original Poster
Rep: Reputation: 15
i thought it wasn't a NAT coz it didn't have a nat command on it sorry.

Last edited by espiya7; 08-05-2007 at 11:25 AM.
 
Old 08-05-2007, 12:21 PM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
you have Translated a Network Address... TNA... erm... NAT!
 
Old 08-06-2007, 10:26 PM   #9
espiya7
Member
 
Registered: Jul 2007
Posts: 33

Original Poster
Rep: Reputation: 15
Thanks! I was able to redirect the local computers using a different address to use the proxy but I still have to specify the proxy server's address and port. Is it possible to use the proxy without even supplying it on the client's browser given that one has a firewall?
 
Old 08-07-2007, 01:42 AM   #10
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
to be honest i can't see a problem with your intended setup, as long as you have explicitly configured squid to act as a transparent proxy. can you show us the squid.conf where this is done?
 
Old 08-07-2007, 02:27 AM   #11
espiya7
Member
 
Registered: Jul 2007
Posts: 33

Original Poster
Rep: Reputation: 15
I was using this one, I got this from the net but it didn't help:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on


it said something like, uknown code or something when i restarted squid???

by the way my squid's version is 2.6

Last edited by espiya7; 08-07-2007 at 02:35 AM.
 
Old 08-07-2007, 03:33 AM   #12
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
you need to offically state it's transparent. http://patchlog.com/general/squid-26-transparent-proxy/
 
Old 08-08-2007, 07:39 AM   #13
espiya7
Member
 
Registered: Jul 2007
Posts: 33

Original Poster
Rep: Reputation: 15
I already made it transparent yet it still doesn't work. There must be something wrong here but I can't figure it out.
 
Old 08-08-2007, 08:45 AM   #14
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
well as above, can you show us the actual configuration then... what you've already pasted is not enough to make it transparent.
 
Old 08-08-2007, 09:02 PM   #15
espiya7
Member
 
Registered: Jul 2007
Posts: 33

Original Poster
Rep: Reputation: 15
Here's the code:


http_port 3128 transparent
icp_port 3130 transparent

#cache_peer 202.90.128.21 parent 3128 3130 no-query default

cache_mem 512 MB

cache_effective_user squidadm
cache_effective_group squidadm

cache_dir ufs /usr/local/squid/cache 40000 94 256

cache_access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log /var/squid/logs/store.log

##########################################Chisteng!!!
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
###########################################
#auth_param scripts
###########################################
#auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd

###################################################################

# ACCESS CONTROLS
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https

# It is safe to enable these ports if you need these services

#acl Safe_ports port 563 # snews
#acl Safe_ports port 70 # gopher
#acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280 # http-mgmt
#acl Safe_ports port 488 # gss-http
#acl Safe_ports port 591 # filemaker
#acl Safe_ports port 777 # multiling http
acl Safe_ports port 443 # sss
acl CONNECT method CONNECT

acl BADPORTS port 7 9 11 19 22 23 25 53 110 119 513 514

#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

http_access allow manager localhost
http_access allow localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access deny BADPORTS

################################################
# custom config
#
################################################

#acl ncsa_users proxy_auth REQUIRED
acl our_network src 192.168.165.0/255.255.255.0 202.90.133.32/29
acl ceac_network src 192.168.105.0/24
acl test_network src 193.7.7.0/24
acl banned_browser browser "/etc/squid/browser.txt"
acl banned_sites url_regex "/etc/squid/banned_sites.txt"

http_access deny banned_browser
http_access deny banned_sites

#http_access allow ncsa_users
http_access allow our_network
http_access allow ceac_network
http_access allow test_network

http_access deny all

#http_reply_access allow all
icp_access allow all

----------------------------------------------------

Last edited by espiya7; 08-08-2007 at 09:04 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
configure squid proxy with cc proxy as a parent proxy faisi Linux - Networking 1 08-10-2010 01:16 PM
configure squid proxy with microsoft proxy as a parent proxy nintykola Linux - Software 1 08-28-2007 01:38 AM
Squid WPAD proxy getting TCP_DENIED/400 Invalid-request HiOctane21 Linux - Networking 0 02-07-2007 12:49 PM
SSL + Apache2 = Invalid Method in Request TruckStuff Linux - Networking 5 08-29-2004 03:29 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration