AW: [squid-users] Troubleshooting squid: modified content

From: Sig Pam <spam_at_itserv.de>
Date: Mon, 4 May 2009 10:09:06 +0200

Jeff, thank you for your kind support.

The technical description of my setup follows, after comments on your reply.

If I get your config change correctly, you bypass the squid proxying by using
kb.4d.com as a peer cache, right? Why do you do this? Were you able to
verify my problem if you run your squid WITHOUT your additional lines?

Passing SSL Traffic through squid worked seamlessly the last few years, so I
did not take a close look at the documentation on that. I will do so, soon.

TECHNICAL DESCRIPTION
======================

First, I have tested two different Squid versions on my Debian-based proxy:
2.7STABLE3 and Version 3.0.STABLE8:

proxy:/proxy/polipo# /usr/sbin/squid -v
Squid Cache: Version 2.7.STABLE3
configure options: '--prefix=/usr' '--exec_prefix=/usr'
'--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid'
'--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid'
'--datadir=/usr/share/squid' '--enable-async-io' '--with-pthreads'
'--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-linux-netfilter'
'--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=lru,heap'
'--enable-snmp' '--enable-delay-pools' '--enable-htcp'
'--enable-cache-digests' '--enable-underscores' '--enable-referer-log'
'--enable-useragent-log' '--enable-auth=basic,digest,ntlm,negotiate'
'--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-carp'
'--enable-follow-x-forwarded-for' '--with-large-files' '--with-maxfd=65536'
'i386-debian-linux' 'build_alias=i386-debian-linux'
'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux'
'CFLAGS=-Wall -g -O2' 'LDFLAGS=' 'CPPFLAGS='

proxy:/proxy/polipo# /usr/sbin/squid3 -v
Squid Cache: Version 3.0.STABLE8
configure options: '--build=i486-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var'
'--libexecdir=${prefix}/lib/squid3' '--disable-maintainer-mode'
'--disable-dependency-tracking' '--srcdir=.' '--datadir=/usr/share/squid3'
'--sysconfdir=/etc/squid3' '--mandir=/usr/share/man'
'--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,coss,diskd,null'
'--enable-removal-policies=lru,heap' '--enable-delay-pools'
'--enable-cache-digests' '--enable-underscores' '--enable-icap-client'
'--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,getpwnam,multi-domain-NTLM'
'--enable-ntlm-auth-helpers=SMB'
'--enable-digest-auth-helpers=ldap,password'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--with-filedescriptors=65536' '--with-default-user=proxy'
'--enable-epoll' '--enable-linux-netfilter' 'build_alias=i486-linux-gnu'
'CC=cc' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXX=g++'
'CXXFLAGS=-g -O2 -g -Wall -O2' 'FFLAGS=-g -O2'

The setup is:

LAN -----> Squid ----> DSL Router ----> Internet

The Squid setup is:

proxy:~/# grep -v "#" /etc/squid/squid.conf| grep -v '^$'
http_port 8080
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
maximum_object_size 100000 KB
cache_dir ufs /proxy/cache 1500 128 256
cache_access_log /proxy/log/access.log
cache_log /proxy/log/cache.log
cache_store_log /proxy/log/store.log
debug_options ALL,1
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.2.0/24 192.168.0.0/24 192.168.250.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr webmaster_at_itserv.de
logfile_rotate 5
coredump_dir /var/spool/squid

There seems to be no magic....

There is one strange thing in my cache.log file when I enter
http://kb.4d.com:

2009/05/04 07:19:22| ctx: exit level 0
2009/05/04 07:19:22| ctx: enter level 0: 'http://kb.4d.com/DAX/logout?sessionid='
2009/05/04 07:19:22| WARNING: HTTP header contains NULL characters {Server: 4D_v11_SQL/11.4.0
Date: Mon, 03 May 2009 05:19:22 GMT
Cache-Control: max-age=0, private, must-revalidate
Connection: close
Content-length: 178
Content-Type: text/xml
Expires: ue, 04 May 99 05:19:22 GMT}

>
> Sig Pam:
> > Hi Folks!
> >
> > I have the problem that squid obviously modifies web site contents during
> > transit. For example, using the web site http://kb.4d.com through a squid
> > proxy does not work (will not show the knowledgebase content).
>
> I added the config below to squid-3.0-stable14 here, it works fine.
>
> cache_peer 64.94.92.31 parent 80 0 no-query front-end-https=auto originserver name=origin_3_1
> acl service_3 dstdomain kb.4d.com
> cache_peer_access origin_3_1 allow service_3
>
> How are you using squid for the site? with a reverse proxy? what's the
> squid version?
>
> >
> > The same happens if I try to send data via https to the German tax office
> > (ELSTER - ELektronische STeuerERklärung). Sending tax reports doesn't work
> > through squid, but works with polipo.
> >
>
> Passing https requests through Squid needs additional config like the SSL
> certificate and private key.
> You may double check squid.conf and logs for details.
>
> >
> > Maybe somebody could point me to a good starting point to fix the squid. As
> > far as I know, squid should not do any content filtering by itself - or does
> > it?
> >
>
> YES Squid won't modify HTTP response body unless you specify it to do that.
>
> --
> Jeff Pang
> DingTong Technology
> www.dtonenetworks.com
>
>
Received on Mon May 04 2009 - 08:09:18 MDT
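
The cache.log excerpt in the message above shows Squid warning about NUL characters in the response headers from kb.4d.com. As an added example (not part of the original post or of Squid), this Python script audits a raw header block for NUL bytes and for date fields that are not in the fixed-length HTTP date format. The sample bytes are constructed from the log excerpt; the status line and the position of the NUL byte are assumptions.

```python
import re

# Preferred fixed-length HTTP date (IMF-fixdate), e.g. "Sun, 06 Nov 1994 08:49:37 GMT".
IMF_FIXDATE = re.compile(
    r"(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} "
    r"(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
    r"\d{4} \d{2}:\d{2}:\d{2} GMT"
)
DATE_FIELDS = {"date", "expires", "last-modified"}

# Constructed sample modelled on the cache.log excerpt. The status line and the
# position of the NUL byte (in front of "ue,") are assumptions; the log shows neither.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: 4D_v11_SQL/11.4.0\r\n"
    b"Date: Mon, 03 May 2009 05:19:22 GMT\r\n"
    b"Cache-Control: max-age=0, private, must-revalidate\r\n"
    b"Connection: close\r\n"
    b"Content-length: 178\r\n"
    b"Content-Type: text/xml\r\n"
    b"Expires: \x00ue, 04 May 99 05:19:22 GMT\r\n"
    b"\r\n"
)


def audit_headers(raw: bytes) -> list[str]:
    """Return findings for the header block of a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    findings = []
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        field = name.decode("latin-1").strip()
        if not sep:
            findings.append(f"{field!r}: no colon, not a header field")
            continue
        if b"\x00" in line:
            findings.append(f"{field}: NUL byte at offset {line.index(0)}")
        # Check the date with the NUL removed, so both defects are reported.
        text = value.replace(b"\x00", b"").decode("latin-1").strip()
        if field.lower() in DATE_FIELDS and not IMF_FIXDATE.fullmatch(text):
            findings.append(f"{field}: not an IMF-fixdate: {text!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print(finding)
```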
