[squid-users] Re: Squid Mailing List (fwd)

I have been puzzling over this for quite sometime now and have made no
progress, so would like to post it for discussion to see if anyone here can
help...

We are currently using a Gauntlet v6 firewall for our internal network
which passes requests to a Squid proxy running Squid 2.4.STABLE1 with the
latest available patches. The setup on the Gauntlet firewall is a HTTP
adaptive proxy without content filtering and other options configured, and
with a handoff of the Squid proxy on port 80. The Squid proxy receives
requests on port 80 and passes them on to the internet.

Our problem is the following:

When a user running Internet Explorer using HTTP/1.1 proxy requests
pointing at the Gauntlet box or HTTP/1.1 turned on and no proxy set
(transparent through Gauntlet) tries to request some sites, they will
receive the default site for a given IP address rather than the site they
requested. Netscape users or users running HTTP/1.0 receive the correct
site. Examples are the following:

Web Client requests www.smh.com.au, and receives www.f2.com.au
Web Client requests www.strategic-planning.com, and receives
www.mbase.com.au

We have placed a packet sniffer on the Squid box and found the following:

Requests coming into the Squid box from IE through Gauntlet are of the
following format:

GET http://203.26.51.42/ HTTP/1.0
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)
Host: www.smh.com.au

Note the IP address in the GET request and the hostname in the Host:
header. The problem appears to be that Squid is not forwarding the Host:
header as a hostname. ie., the following request is sent by Squid to the
destination site:

GET / HTTP/1.0
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)
Via: 1.0 REMOVED:3128 (Squid/2.4.STABLE1)
X-Forwarded-For: REMOVED
Host: 203.26.51.42
Cache-Control: max-age=259200
Connection: keep-alive

(The REMOVED items were removed for reasons of internal security).

Here, the Host: header is being extracted from the GET line and not the Host: line. I believe this is the problem.

Does anyone here know how I would go about fixing this to make Squid
forward the Host: line correctly? - or even any variations on our
configuration for Gauntlet and/or Squid which would cause the requests to
be forwarded correctly? (besides placing the Squid box inside the firewall
- we would prefer not to do that at this stage).

Any help would be appreciated.

Thanks in advance.

regards,

Simon.

Email: haze@zzap.org
Received on Tue Jun 12 2001 - 23:05:09 MDT