[squid-users] problem with transparent and invalid URLs

From: Leonardo Rodrigues Magalh„es <leolistas@dont-contact.us>
Date: Sat, 05 Apr 2008 18:40:13 -0300

    Hello Guys,

    i'm having problems with the following scenario:

    Linux (Fedora 8) with kernel 2.6.24.3
    squid 3.0-stable4 correctly compiled with --enable-linux-netfilter
    http_port 8080 transparent in squid.conf

    DNAT rule pointing tcp/80 traffic to squid port 8080

    transparent proxy works fine except for accessing the own machine
that is running squid, which also runs a web server.

    if i manually point squid on firefox/IE proxy configurations, it
works. But if i let the connection be intercepted, then i only get
'Invalid URL' errors.

    debug shows:

2008/04/05 18:04:54.338| parseHttpRequest: Request Header is
Host: 192.168.0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; Alexa;
rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: pt-br,pt;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

2008/04/05 18:04:54.338| parseHttpRequest: Complete request received
2008/04/05 18:04:54.338| clientParseRequest: FD 50: parsed a request
2008/04/05 18:04:54.338| commSetTimeout: FD 50 timeout 86400
2008/04/05 18:04:54.338| cbdataUnlock: 0x8608068=1
2008/04/05 18:04:54.338| cbdataLock: 0x89a6abc=2
2008/04/05 18:04:54.338| Invalid URL: /admin/cacti/graph_view.php

    Please note that request has the correct Host: header, but after
parsed, the request it's consider to be only
'/admin/cacti/graph_view.php', which is incorrect, as it should be
http://192.168.0.1/admin/cacti/graph_view.php.

    Other requests, NOT for the own machine that is running squid, works
just fine:

2008/04/05 18:07:49.915| parseHttpRequest: Complete request received
2008/04/05 18:07:49.915| clientParseRequest: FD 76: parsed a request
2008/04/05 18:07:49.915| commSetTimeout: FD 76 timeout 86400
2008/04/05 18:07:49.915| cbdataUnlock: 0x8608824=1
2008/04/05 18:07:49.915| cbdataLock: 0x89a6e00=2
2008/04/05 18:07:49.915| init-ing hdr: 0x89aea2c owner: 2
2008/04/05 18:07:49.915| parsing hdr: (0x89aea2c)
Host: www.terra.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; Alexa;
rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13
Accept: */*
Accept-Language: pt-br,pt;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://www.terra.com.br/capa/
Cookie: TERRA=c90f7546025631174786070000000169c8b00342; cAtmE=1;
cAtmS=1; cAtmR=

2008/04/05 18:07:49.915| parsing HttpHeaderEntry: near 'Host:
www.terra.com.br'
2008/04/05 18:07:49.915| parsed HttpHeaderEntry: 'Host: www.terra.com.br'
2008/04/05 18:07:49.915| created HttpHeaderEntry 0x89c7328: 'Host :
www.terra.com.br

-- 
	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br
	Minha armadilha de SPAM, N√O mandem email
	gertrudes@solutti.com.br
	My SPAMTRAP, do not email it
Received on Sat Apr 05 2008 - 15:40:29 MDT

This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT