RE: [squid-users] Squid and Symantec Web Security

From: Lucia Di Occhi <saint_lucy@dont-contact.us>
Date: Fri, 24 Dec 2004 04:58:07 +0000

I am guessing you have also tried just pointing a client to the squid box
right?
I am relatively new with all of this but I am going to try and take a wild
guess.

The Symantec proxy is not making a PROXY request to the squid box, instead
it is making a regular HTTP request. Squid may need to be configured in
transparent mode, this is the mode where squid takes a regular request from
a browser as if it was connecting to a web server and not to a proxy server.

Beside the documentation on the squid web page, here is another good link:
http://www.linuxjunkies.org/adminstration%20Howto/webminguide/x5222.htm

>From: "Greg Shepherd" <Greg.Shepherd@netmanaged.com>
>Reply-To: <Greg.Shepherd@netmanaged.com>
>To: <squid-users@squid-cache.org>
>Subject: RE: [squid-users] Squid and Symantec Web Security
>Date: Thu, 23 Dec 2004 23:05:32 -0500
>
>Sorry Lucio. I mis-sent it directly to you instead of to the list.
>
>It appears that I can telnet to port 3128. I telnet to the port from the
>SWS
>server, but it is just blank with no prompts or anything. After typing in
>quit, exit, etc. I see the following text:
>
>HTTP/1.0 400 Bad Request
>Server: squid/2.5.STABLE5
>Mime-Version: 1.0
>Date: Fri, 24 Dec 2004 03:54:48 GMT
>Content-Type: text/html
>Content-Length: 1203
>Expires: Fri, 24 Dec 2004 03:54:48 GMT
>X-Squid-Error: ERR_INVALID_REQ 0
>X-Cache: MISS from igateway.kings
>X-Cache-Lookup: NONE from igateway.kings:3128
>Proxy-Connection: close
>
><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://
>g/TR/html4/loose.dtd">
> <HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTE
>html; charset=iso-8859-1">
> <TITLE>ERROR: The requested URL could not be
></TITLE>
> <STYLE type="text/css"><!--BODY{background-color:#ffffff;font-f
>dana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
> </HEAD><BODY>
> <H1>
> >
> <H2>The requested URL could not be retrieved</H2>
> <HR noshade size="1px
>
>
>e trying to process the request:
> <PRE>
> /
>/quiot
>/exit
>exit
>quit
>
>
></PRE>
> <P>
> The following error was encountered:
> <UL>
> <LI>
> <STRONG>
> Invalid Re
>
>RONG>
> </UL>
>
> <P>
> Some aspect of the HTTP Request is invalid. Possible prob
>
><LI>Missing or unknown request method
> <LI>Missing URL
> <LI>Missing HTTP Id
>(HTTP/1.0)
> <LI>Request is too large
> <LI>Content-Length missing for POST o
>uests
> <LI>Illegal character in hostname; underscores are not allowed
> </UL
>
>cache administrator is <A HREF="mailto:webmaster">webmaster</A>.
>
> <BR cl
> >
> <HR noshade size="1px">
> <ADDRESS>
> Generated Fri, 24 Dec 2004 03:54:48 GM
>eway.kings (squid/2.5.STABLE5)
> </ADDRESS>
> </BODY></HTML>
>
>
>Connection to host lost.
>
>Is that expected?
>
>I tested with a regular system by pointing my browser to 3128 and it worked
>fine.
>
>My next step was pointing SWS to 3128 by configuring within SWS 3.0 for
>NT/2000 to point to a proxy server (10.0.0.102:3128 on the internal NIC).
>
>SWS does work (it has been working fine for over a year) directly to the
>Internet and through a firewall with NAT as well. No problems with that
>part.
>
>Just pointing SWS to go to the squid on the SuSe box is where I am having
>problems.
>
>I haven't contacted Symantec yet.
>
>Any suggestions?
>
>Greg
>
>
>-----Original Message-----
>From: Lucio Jankok [mailto:lj@2u2.nu]
>Sent: Thursday, December 23, 2004 9:23 PM
>To: Greg.Shepherd@netmanaged.com
>Subject: Re: [squid-users] Squid and Symantec Web Security
>
>
>Yes we did. Can you do a telnet squid-ip-address 3128 on the SWS ?
>
>
>On 12/24/04 1:42 AM, "Greg Shepherd" <Greg.Shepherd@netmanaged.com> wrote:
>
> > Hello all,
> >
> > I attempted the following configuration:
> >
> > Clients --> Symantec Web Security --> Squid 2.5STABLE5.
> >
> > The SWS server has the capability to forward requests to an upstream
>proxy
> > server (Squid in this case).
> >
> > It only fails with a timeout error message from SWS.
> >
> > I didn't see any issues with this on the Symantec Support site nor in
> > googling except for a single old reference in 2001.
> >
> > Has anyone successfully configured what I am attempting to do?
> >
> > Please help.
> >
> > Thanks,
> >
> > Greg
> >
>
>
>

_________________________________________________________________
Don’t just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/
Received on Thu Dec 23 2004 - 21:59:03 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:03 MST