RE: [squid-users] RE: Squid Accelerator and SSL, Unsupported method "L"

From: Kent, Mr. John (Contractor) <kent@dont-contact.us>
Date: Fri, 13 Feb 2004 14:14:28 -0800

Duane and Henrik,

Thank you both for responding. I'm thinking that a glance at my
config file will reveal the problem to you so here it is:

What I'm trying to do is run Squid on port 9999 for testing,
have it accelerate servers listening to port 7777 and also
be able to redirect 443 requests, with SSL authentication being
handled by Squid.

John Kent
Webmaster
Naval Research Laboratory
Monterey, California
http://www.nrlmry.navy.mil

#############################################################################################

http_port 199.9.2.137:9999 vport=7777
https_port 199.9.2.137:443 cert=/users/webuser/squid3.0/etc/ssl.crt/webcache2.crt key=/users/webuser/squid3.0/etc/ssl.key/webcache2.key

sslproxy_flags DONT_VERIFY_PEER
icp_port 0

acl RUDE_IP src "/users/webuser/www_squid/dyn_conf/Rude_Robots_IP.txt"
http_access deny RUDE_IP

hierarchy_stoplist /tc\_pages /cgi\-bin /sat\-bin /tc\-bin /focus\-bin /~ /goes\_cc /coamps\-reg

acl QUERY urlpath_regex sat_products nrlonly focus dmso tc_home2 flambe adap bacimo tc_home\.html proddemo researchproj agenda headlines sampson pubs aboutdivision fleet_apps home_30 subfoot THUMB\.jpg LATEST\.jpg Latest\.jpg swish dev \~ dev\-bin tc\-dev Mod\-dev training SAIC shared\-bin shared swish cgi\-bin sat\-dev goes\_cc cc composer coamps\-reg wusage sys\-bin banner aerosol Case\_
no_cache deny QUERY

cache_mem 8 MB

cache_dir diskd /users/webuser/squid3.0/var/cache 12000 16 256 Q1=72 Q2=64

emulate_httpd_log on

redirect_program /users/webuser/squid3.0/dyn_conf/ssl_redirect.pl
redirect_children 10

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl acceleratedHost dst 199.9.2.134/255.255.255.255 199.9.2.135/255.255.255.255 199.9.2.136/255.255.255.255 199.9.2.137/255.255.255.255 199.9.2.108/255.255.255.255 199.9.2.48/255.255.255.255 199.9.2.69/255.255.255.255 199.9.2.33/255.255.255.255 199.9.2.43/255.255.255.255 199.9.2.92/255.255.255.255 199.9.2.100/255.255.255.255 199.9.2.101/255.255.255.255 199.9.2.102/255.255.255.255 199.9.2.103/255.255.255.255 199.9.2.44/255.255.255.255 199.9.2.72/255.255.255.255 199.9.2.109/255.255.255.255 199.9.2.110/255.255.255.255 199.9.2.111/255.255.255.255 199.9.2.126/255.255.255.255

acl ssl_noauth dstdomain io.nrlmry.navy.mil
acl acceleratedPort port 7777 8888
acl myserver src 127.0.0.1/255.255.255.255

acl manager proto cache_object
#acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl Methods method GET POST HEAD

# Cachemgr related acl's
        acl manager proto cache_object
        acl localhost src 127.0.0.1/255.255.255.255
        acl example src 199.9.2.136/255.255.255.255
        acl example src 199.9.2.137/255.255.255.255
        acl all src 0.0.0.0/0.0.0.0
        http_access allow manager localhost
        http_access allow manager example
        http_access deny manager
        http_access allow all

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow acceleratedHost acceleratedPort
http_access allow Methods

http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

acl local-servers dstdomain nrlmry.navy.mil
always_direct allow all

# And finally deny all other access to this proxy
http_access deny all

http_reply_access allow all

#Default:
cache_effective_user webuser
cache_effective_group webgroup

logfile_rotate 30

# strip_query_terms on
strip_query_terms off

###############################################################################
-----Original Message-----
From: Duane Wessels [mailto:wessels@squid-cache.org]
Sent: Friday, February 13, 2004 1:03 PM
To: Kent, Mr. John (Contractor)
Cc: Squid_Users (E-mail)
Subject: Re: [squid-users] RE: Squid Accelerator and SSL, Unsupported method "L"

On Fri, 13 Feb 2004, Kent, Mr. John (Contractor) wrote:

> Greetings,
>
> Setting up Squid3.0 as an accelerator that needs to handle SSL.
>
> As you recommended Henrik:
> Un-encrypted my key. Modified key and cert permissions.
> No longer get FATAL: Bungled squid.conf error. ! Good.
>
> For testing running Squid on port 9999
> That works fine.
>
> But when I attempt to access https://.......:9999
> I get nothing.
>
> The cache log shows:
>
> 2004/02/13 10:36:37| clientProcessRequest: Invalid Request
> 2004/02/13 10:36:46| parseHttpRequest: Requestheader contains NULL characters
> 2004/02/13 10:36:46| clientParseRequestMethod: Unsupported method 'L' <----Bad!
> 2004/02/13 10:36:46| clientProcessRequest: Invalid Request

Did you put 'http_port 9999' or 'https_port 9999'?

Duane W.
Received on Fri Feb 13 2004 - 15:15:50 MST
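
Added example, not part of the original message and not Squid project code: Duane's question about http_port versus https_port can be checked against the listener lines in the posted config. The sketch below parses those two directives and reports whether the scheme of a URL matches what the listener on that port expects; the function names and the test URLs (built from the address in the config) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Listener lines copied from the config posted in this message.
POSTED_CONF = """\
http_port 199.9.2.137:9999 vport=7777
https_port 199.9.2.137:443 cert=/users/webuser/squid3.0/etc/ssl.crt/webcache2.crt key=/users/webuser/squid3.0/etc/ssl.key/webcache2.key
"""

DIRECTIVE_SCHEME = {"http_port": "http", "https_port": "https"}
DEFAULT_PORT = {"http": 80, "https": 443}


def parse_listeners(conf_text):
    """Return {port: scheme} for every http_port / https_port line."""
    listeners = {}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 2 or fields[0] not in DIRECTIVE_SCHEME:
            continue
        # First argument is "port" or "address:port"; options follow it.
        port = int(fields[1].rsplit(":", 1)[-1])
        listeners[port] = DIRECTIVE_SCHEME[fields[0]]
    return listeners


def check_url(url, listeners):
    """Compare the scheme a client will speak with what the listener expects."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORT.get(parts.scheme)
    expected = listeners.get(port)
    if expected is None:
        return "no-listener"
    if expected == parts.scheme:
        return "ok"
    if parts.scheme == "https":
        # The client opens with a TLS handshake, which a plain-HTTP
        # listener tries to parse as a request line.
        return "tls-to-plain-http-listener"
    return "plain-http-to-tls-listener"


if __name__ == "__main__":
    found = parse_listeners(POSTED_CONF)
    # Constructed test URLs using the address from the posted config.
    for url in ("https://199.9.2.137:9999/", "http://199.9.2.137:9999/",
                "https://199.9.2.137/"):
        print(url, "->", check_url(url, found))
```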
