Problem: Squid: The requested URL could not be retrived
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Problem: Squid: The requested URL could not be retrived
Hi, I'm setting up a squid proxy on a Debian Etch machine, I compiled with:
Code:
# ./configure --prefix=/usr/local/squid --enable-delay-pools --enable-cache-digests --enable-poll --disable-ident-lookups --enable-truncate --enable-removal-policies
# make all
# make install
I'm redirecting www requests from LAN to squid server, squid is located on the LAN gateway, redirecting works, but when some browser from the lan tries to open ANY (example: http://www.google.com) page it comes with the following:
Code:
ERROR
The requested URL could not be retrieved
____________________________________________________
While trying to retrieve the URL: /
Invalid URL
Some aspect of the URL is incorrect. Possible problems:
Missing or incorrect access protocol (should be `http://" or similar)
Missing hostname
Illegal double-escape in the URL-Path
Illegal character in hostname; underscores are not allowed
Your cache administrator is webmaster.
_________________________________________________
Generated Fri, 11 Jan 2008 18:30:27 GMT by debian.gateway.2wire.net (squid/3.0.STABLE1)
this shows up with any page, dns is working, I wiresharked it, the requests reaches the proxy but they don't go out. Even a local a server on the same net as the proxy won't show up.
I think I'm doing something wrong, cause I've tried squid on a opensuse 10.3 with the same exact result
Does the order of http_access deny|allow matter, does it has a priority?
Here's my iptables sh script and squid.conf, any ideas would be welcome.
Code:
# File: firewall.sh
#!/bin/bash
IPLAN="172.16.1.1"
IPEXT="192.168.1.82"
IPSRV="172.16.1.2"
IFLAN="eth1"
IFEXT="eth0"
sudo ifconfig $IFLAN $IPLAN
sudo ifconfig $IFEXT $IPEXT
#Habilitar redireccionamiento de ip
sudo echo 1 > /proc/sys/net/ipv4/ip_forward
sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
#políticas por defecto: tira todo.
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT DROP
#Anti DoS: permite hasta 3 peticiones máximo en 5 segundos al servidor HTTP
sudo iptables -A FORWARD -p tcp -i $IFEXT -o $IFLAN --dport 80 -j DROP --syn -m recent --name antidos --rcheck --seconds 5 --hitcount 4
#Reglas para acceso externo a servidor HTTP
sudo iptables -t nat -A PREROUTING -p tcp -i $IFEXT --dport 80 -j DNAT --to-destination $IPSRV --syn -m recent --name antidos --set
sudo iptables -A FORWARD -p tcp -i $IFEXT -o $IFLAN --dport 80 -j ACCEPT
sudo iptables -A FORWARD -p tcp -i $IFLAN -o $IFEXT --sport 80 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -p tcp -o $IFLAN --dport 80 -j SNAT --to-source $IPLAN
#Reglas para DNS de la LAN
#sudo iptables -t nat -A PREROUTING -p udp -i $IFEXT --sport 53 -j DNAT --to-destination $IPSRV
sudo iptables -t nat -A POSTROUTING -p udp -o $IFEXT --dport 53 -j SNAT --to-source $IPEXT
sudo iptables -A FORWARD -s $IPSRV -p udp -i $IFLAN -o $IFEXT --dport 53 -j ACCEPT
sudo iptables -A FORWARD -p udp -i $IFEXT -o $IFLAN --sport 53 -j ACCEPT
#reglas para squid
sudo iptables -A INPUT -p udp -i $IFEXT --sport 53 -j ACCEPT
sudo iptables -A OUTPUT -p udp -o $IFEXT --dport 53 -j ACCEPT
sudo iptables -A INPUT -p tcp -i $IFEXT --sport 80 -j ACCEPT
sudo iptables -A OUTPUT -p tcp -o $IFEXT --dport 80 -j ACCEPT
sudo iptables -t nat -A PREROUTING -p tcp -i $IFLAN --dport 80 -j REDIRECT --to-ports 6666
sudo iptables -A INPUT -p tcp -i $IFLAN --dport 6666 -j ACCEPT
sudo iptables -A OUTPUT -p tcp -o $IFLAN --sport 6666 -j ACCEPT
i've not seen that squid behaviour directly, and i'm sure someone else could instantly tell you, but within wireshark, what are the full http headers that are being sent? maybe there's no HOST header field in it...
I've setup squid on debian etch, never had any problem. Why did you recompile it? apt-get install squid works fine... try that one and see if the problem goes away.
HTTP/1.0 400 Bad Request\r\n
Server: squid/3.0.STABLE1\r\n
Mime-Version: 1.0\r\n
Date: Sun, 13 Jan 2008 15:29:51 GMT\r\n
Content-Type: text/html\r\n
Content-Length: 1449
Expires: Sun, 13 Jan 2008 15:29:51 GMT\r\n
X-Squid-Error: ERR_INVALID_URL 0\r\n
X-Cache: MISS from debian.gateway.2wire.net\r\n
X-Cache-Lookup: NONE from debian.gateway.2wire.net:6666\r\n
Via: 1.0 debian.gateway.2wire.net (squid/3.0.STABLE1)\r\n
Proxy-Connection: close\r\n
\r\n
and then comes the html page with the error, i've already posted... there's no forwarding to the other interface. But I've allowed http and DNS outgoing requests from squid server with iptables.
Quote:
apt-get install squid works fine... try that one and see if the problem goes away.
Ok i uninstalled (make uninstall), and did apt-get install squid, with no problems at all. Restarted squid, but the problem stills the same. May be something is wrong with my squid.conf?
I did <telnet google.com 80> from the command line on suse client from the LAN. then:
Code:
GET / HTTP/1.1
Host: google.com
//putted an aditional <ENTER> here.
But it stills the same, squid sends the same page. If no http_access allow rule matches the request, what does squid prompts? does it prompts the page I'm getting?
ah, ok i think it's down to the lack of a transparent defintion with the listening port. the right config will move to derive the required data from generic http headers rather than the stnadard proxy enabled headers that the client would send if known to be using a proxy.
ah, ok i think it's down to the lack of a transparent defintion with the listening port. the right config will move to derive the required data from generic http headers rather than the stnadard proxy enabled headers that the client would send if known to be using a proxy.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.