[squid-users] Re: ERR_INVALID_REQ - Invalid Request

From: Angela Burrell <angela@dont-contact.us>
Date: Fri, 2 Mar 2007 18:44:23 -0500

Based on the responses I have received from this list, I have made the
following change:

Original line: http_port 3328
Changed line: http_port 3328 transparent

I have determined that my squid was configured
with --enable-linux-netfilter.

I also changed no_cache deny QUERY to cache deny QUERY, although squid did
not give me an error about this.

Then I received a new error from my web browser. It was something about "the
request cannot be forwarded at this time, squid is not allowed to contact
servers directly and there are no parent proxies available" or something
like that.

So I had to add the following to my squid.conf:

always_direct allow all

Is this correct? Is this supposed to be in my configuration or is it a
hack/security risk/workaround? I read the documentation and I don't really
understand it, but it did get me past that error.

Now I have a new problem once again. My DNS lookups were timing out, squid
was reporting "the dnsserver returned: TIMEOUT"

I checked my /etc/resolv.conf and it has listed the 2 DNS servers that I got
from my ISP when I connected (using pon/poff)

So, for some reason squid is NOT reading my /etc/resolv.conf file.

To work around this problem I have added the following line to my squid.conf
file:
dns_nameservers XXX.XXX.XXX.XXX

According to documentation, I should NOT need the above line if I do indeed
have an /etc/resolv.conf file. So this is an obvious band-aid that needs to
be fixed!! My DNS servers change every time I reconnect. But when the line
is there...

IT FINALLY WORKS!!!! (Once I figured out that redirect_program was changed
to url_rewrite_program) [rant] honestly, that pees me off - why change the
name of a variable if it has the same function? To make it so that people
cannot use their tried and true conf files when they upgrade, that's why.
[/rant]

To recap, my questions are:
1. Is always_direct allow all supposed to be there?
2. How to get squid to read my /etc/resolv.conf file?

Thank you very much.

Angela Burrell

-----Original Message-----
From: Angela Burrell [mailto:angela@jobsearchnetwork.ca]
Sent: March 1, 2007 2:42 PM
To: squid users
Subject: ERR_INVALID_REQ - Invalid Request

Hi I hope someone can help me!

I am running Squid 2.6.STABLE1 on Ubuntu Edgy 6.10 (Kernel 2.6.17-amd64).
Squid is listening on port 3328. I am in the process of changing servers
from Mandrake MNF, Kernel 2.4.18-8 with Squid 2.4.STABLE7. I want my
configurations to be exactly the same, so I have copied over lots of things
like my squid.conf and my firewall script. The configuration file I have
included currently works with my old server.

On my new Ubuntu server the squid program starts up OK. Oh, I also have
SquidGuard running.

This is the line in my firewall that redirects the HTTP requests from port
80 to port 3328:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3328

When I comment out this line, clients on the LAN can get through to the
Internet. When the above line is implemented, we get the following error in
all browsers, to all hosts. ERR_INVALID_REQ

The following error was encountered:
Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:
Missing or unknown request method
Missing URL
Missing HTTP Identifier (HTTP/1.0)
Request is too large
Content-Length missing for POST or PUT requests
Illegal character in hostname; underscores are not allowed
Your cache administrator is webmaster.

Generated Wed, 28 Feb 2007 22:49:09 GMT by squid (squid/2.6.STABLE1)

Here is my squid.conf file, hoping it will help.
############################
http_port 3328

icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
cache_dir diskd /var/spool/squid 1000 16 256

# Redirector
redirect_program /usr/local/bin/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 32

half_closed_clients off

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# ACLs
acl Eth1 src 192.168.1.0/255.255.255.0

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports 280 488 591 777 22
acl CONNECT method CONNECT
acl PURGE method PURGE

# the below line is to set the local website not to cache
acl erc dstdomain .ercsarnia.ca
acl erc dstdomain .ercsarnia.com
always_direct allow erc
no_cache deny erc

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow Eth1
http_access allow PURGE localhost
http_access deny PURGE
http_access deny all
icp_access allow all
miss_access allow all

# The below line is for compatibility with Hotmail
# anonymize_headers deny Accept-Encoding # doesn't work with squid 2.6?

# user/group
cache_effective_user squid
cache_effective_group squid
visible_hostname squid

# Timeout settings
connect_timeout 2 minutes
request_timeout 30 seconds

# Customised error pages
err_html_text angela@lchras.ca # doesn't seem to work?

memory_pools off
######################################
Received on Fri Mar 02 2007 - 16:41:08 MST
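
Added example (not part of the original messages and not Squid project code): a small Python check that cross-references an iptables REDIRECT rule with a squid.conf and reports the migration points this thread walks through (missing "transparent" on the intercepting http_port, the two renamed directives, always_direct allow all, a hard-coded dns_nameservers). The function names, the sample rule and config text, and the 192.0.2.53 address are constructed for illustration.

```python
import re

# Constructed firewall rule and trimmed squid.conf, modelled on the thread.
SAMPLE_RULES = ("iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 "
                "-j REDIRECT --to-port 3328\n")
SAMPLE_CONF = """\
http_port 3328
acl QUERY urlpath_regex cgi-bin \\?
no_cache deny QUERY
redirect_program /usr/local/bin/squidGuard -c /etc/squid/squidGuard.conf
always_direct allow all
dns_nameservers 192.0.2.53
"""

# Directive renames mentioned in the thread (old name -> Squid 2.6 name).
RENAMED = {"no_cache": "cache", "redirect_program": "url_rewrite_program"}

def redirect_ports(rules):
    """Collect the local ports that iptables REDIRECT rules send traffic to."""
    return {int(p) for p in re.findall(r"-j\s+REDIRECT\s+--to-ports?\s+(\d+)", rules)}

def audit_squid_conf(conf, intercept_ports):
    """Return (line_number, message) findings for a squid.conf text."""
    findings = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # ignore comments and blanks
        if not line:
            continue
        directive, *args = line.split()
        if directive in RENAMED:
            findings.append((lineno, f"{directive} was renamed to {RENAMED[directive]}"))
        elif directive == "http_port" and args:
            port = args[0].rsplit(":", 1)[-1]    # accepts "3328" or "host:3328"
            if (port.isdigit() and int(port) in intercept_ports
                    and "transparent" not in args[1:]):
                findings.append((lineno, f"port {port} receives REDIRECTed traffic "
                                         "but http_port lacks 'transparent'"))
        elif directive == "always_direct" and args == ["allow", "all"]:
            findings.append((lineno, "always_direct allow all: every request is "
                                     "forwarded directly, never via a parent proxy"))
        elif directive == "dns_nameservers":
            findings.append((lineno, "dns_nameservers is hard-coded and is used "
                                     "instead of /etc/resolv.conf"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit_squid_conf(SAMPLE_CONF, redirect_ports(SAMPLE_RULES)):
        print(f"squid.conf:{lineno}: {message}")
```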
