Re: [squid-users] forward and reverse proxy in 3.1.x https forward proxy failing

From: Amos Jeffries <>
Date: Mon, 01 Nov 2010 20:56:38 +0000

On Mon, 1 Nov 2010 12:41:44 -0500, "Dean Weimer" <>
> I had an older machine that was still running 3.0 STABLE 12, that was
> functioning as a forward and reverse proxy using port 80 for both. And
> reverse proxy for one site on Port 443, the machine sits in a DMZ the
> forward proxy only directs about to web sites for machines connected
> through WAN connections, and functions as a reverse proxy for those
> machines when connecting to a couple internal sites. This machine had a
> hardware failure last night and I was forced to put in place the newer
> machine that had already had the software installed but wasn't
> or tested yet.
> The problem I am having is that this machine running squid 3.1.9
> fine as both forward and reverse for http websites, and is working for
> reverse HTTPS site, though I had to use the sslproxy_cert_error acl
> to bypass a cert error, even though the cert is valid, it's not
> it. That's a minor problem though, as its functioning. The more
> problem is that HTTPS forward proxy is not working, the logs show an
> every time stating a connect method was received on an accelerator port.
> 2010/11/01 12:26:43| clientProcessRequest: Invalid Request
> 2010/11/01 12:26:44| WARNING: CONNECT method received on http
> port 80
> 2010/11/01 12:26:44| WARNING: for request: CONNECT
> HTTP/1.0
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR
> 1.1.4322)
> Host:
> Content-Length: 0
> Proxy-Connection: Keep-Alive
> Pragma: no-cache
> Is using the same port for both forward of http & https not allowed
> using it for a reverse proxy anymore?

It's never been allowed. The ability in older Squid was a bug.
You will need a separate http_port line for the two modes if you want
CONNECT tunnels.

It's a good idea to keep each of the four modes (forward, reverse,
intercept and transparent) on separate http_port. From 3.1 onwards this is
being enforced where possible.

Received on Mon Nov 01 2010 - 20:56:42 MDT

This archive was generated by hypermail 2.2.0 : Tue Nov 02 2010 - 12:00:02 MDT