Re: SPAM: Re: [squid-users] Squid 3.2 Logging, and HTTPS post problem

From: dweimer <dweimer_at_dweimer.net>
Date: Tue, 29 Jan 2013 15:31:37 -0600

I still haven't solved this issue. I have built an entirely new virtual
machine from the ground up, with a more limited configuration, only
using a single Apache process running on 127.0.0.1 behind it and a
single website domain. The problem is still there; logging had nothing
to do with it. It appears that my earlier assumed success was either a
one-time thing, or the 70 hours of work last week just caught up with me
and I thought there was an s on the end of the http that wasn't there,
and my success was on plain http, which has always worked.

Unless the below logs give anyone any ideas as to what's causing the
issue, I can only think of a few more things to try: first, rebuild the server
again, sticking with gcc all the way and no use of clang. If that still
fails, rebuild again on FreeBSD 9.0 with clang, and then again with gcc
if that fails. If even that fails I will be stuck back on the 3.1
branch on FreeBSD 9.0.

On 01/26/2013 12:25 am, Amos Jeffries wrote:

    ## Define Listening Port Options
    # Port 80 HTTP traffic
    http_port 10.50.20.10:80 accel defaultsite=www.website1.com
    # Port 443 HTTPS traffic
    sslproxy_options NO_SSLv2:NO_TLSv1:CIPHER_SERVER_PREFERENCE
    sslproxy_cipher RC4:!MD5:!aNULL:!EDH
    https_port 10.50.20.10:443 accel defaultsite=www.website1.com \
        cert=/usr/local/etc/squid/certs/orscheln-bundle.crt \
        key=/usr/local/etc/squid/certs/orscheln.key \
        options=NO_SSLv2:NO_TLSv1:CIPHER_SERVER_PREFERENCE \
        cipher=RC4:!MD5:!aNULL:!EDH

     Well, one thing to be aware of that may be related is a change in
vhost. In the 3.1 series the above http_port settings used to force every
incoming request to have FQDN "www.website1.com". With 3.2 the Host:
header is used to reconstruct the URL. The URL-rewrite helper operates on
the URL after this reconstruction happens.

I did have vhost on the 3.1 configuration, removed after I found out it
was the default for 3.2.

Here is the current running configuration on my new test server:

## Define Listening Port Options
# Port 80 HTTP traffic
http_port 192.168.5.30:80 accel defaultsite=revproxy1.dweimer.local
# Port 443 HTTPS traffic
sslproxy_options NO_SSLv2:NO_TLSv1:CIPHER_SERVER_PREFERENCE
sslproxy_cipher RC4:!MD5:!aNULL:!EDH
https_port 192.168.5.30:443 accel defaultsite=revproxy.dweimer.local \
   cert=/usr/local/etc/squid/certs/dweimer-bundle.crt \
   key=/usr/local/etc/squid/certs/dweimer.key \
   options=NO_SSLv2:NO_TLSv1:CIPHER_SERVER_PREFERENCE \
   cipher=RC4:!MD5:!aNULL:!EDH

## Access Control Lists
# Port ACL Lists
acl PORT80 port 80
acl PORT443 port 443
# Network ACL Lists
acl DMZ src 10.50.0.0/16
acl LAN src 10.0.0.0/8 192.168.0.0/16 172.16.0.0/12
# Protocol ACL Lists
acl SSL proto HTTPS
# Method ACL Lists
acl PURGE method PURGE
# Destination Domain ACL Lists
acl REVPROXYCOM dstdomain revproxy.dweimer.local

## Access Rules
# Deny First For Security
http_access deny MANAGER !LAN
http_access deny PURGE !LAN
# Allow Specific SSL
http_access allow REVPROXYCOM SSL
# Prevent Other SSL
http_access deny SSL
# Allow Non SSL stuff
http_access allow MANAGER LOCALHOST
http_access allow PURGE LOCALHOST
http_access allow REVPROXYCOM
# Deny Last For Security
http_access deny all

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/squid/cache 5120 16 256
maximum_object_size 8 MB

# Set Cache Log Options
debug_options rotate=20 ALL,4
cache_log /var/log/squid/cache.log

# Set Cache Access Logs
access_log daemon:/var/log/squid/access.log squid all
## Site Logs
# REVPROXY1
access_log daemon:/var/log/squid/revproxy.log combined REVPROXYCOM

# Leave coredumps in the first cache dir
coredump_dir /var/squid/cache

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# Set Email of Cache Administrator
cache_mgr dweimer_at_dweimer.net

# Set effective user and group for Cache
cache_effective_user squid
cache_effective_group squid

# Set visible Host Name, for error messages
visible_hostname revproxy.dweimer.local

# Define Custom Error Pages
err_page_stylesheet /usr/local/etc/squid/custom_errors/errorpage.css
error_directory /usr/local/etc/squid/custom_errors

# DNS servers
dns_nameservers 192.168.5.3

# Hosts File
hosts_file /etc/hosts

# Speed Up Shutdown While Testing
shutdown_lifetime 1

# https://revproxy1.dweimer.com
cache_peer 127.0.0.1 parent 443 0 ssl no-query no-digest
no-netdb-exchange originserver name=local_ssl_parent
sslcapath=/usr/local/share/certs sslflags=DONT_VERIFY_PEER
cache_peer_access local_ssl_parent allow REVPROXYCOM SSL
# http://revproxy1.dweimer.com
cache_peer 127.0.0.1 parent 80 0 no-query no-digest no-netdb-exchange
originserver name=local_parent
cache_peer_access local_parent allow REVPROXYCOM !SSL

Apache is running on https://192.168.5.30:8443 as well as
https://127.0.0.1:443. I have verified that the same client can submit a
successful upload to the 8443 port, to verify that the HTTPS problem
isn't on the Apache side.

Here is the relevant output from the logs running at debug level 4.
From what I can tell, Squid is still waiting for data, but the client
has stopped sending after a few seconds, and finally, after about 5
minutes, it gives the output as if it had succeeded, but Apache doesn't
receive the file.

Link to the log; the first attempt to send it got blocked due to size:
<http://www.dweimer.net/temp/squid-cache.log>

-- 
Thanks,
    Dean E. Weimer
    http://www.dweimer.net/
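An added example, not from this thread or the Squid project: a small parser for Squid's native access.log format (the `squid` format selected by the `access_log ... squid all` line in the configuration above) that flags POST/PUT requests which took far longer than normal yet were logged with a 2xx status, the "logged as success after about 5 minutes but Apache never got the file" symptom described in the message. The log lines, client address and upload path are constructed; the threshold is an assumption.

```python
import re

# Squid native ("squid") access log format, one request per line:
#   time elapsed_ms client action/status bytes method URL ident hier/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<action>\S+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\S+)\s+(?P<ctype>\S+)$"
)

# Constructed sample: a normal GET, a fast plain-http POST, and an https POST
# that sat for ~5 minutes and was still logged as TCP_MISS/200.
SAMPLE_LOG = """\
1359495001.237    412 192.168.5.100 TCP_MISS/200 2731 GET https://revproxy.dweimer.local/ - FIRSTUP_PARENT/127.0.0.1 text/html
1359495003.101     88 192.168.5.100 TCP_MISS/200 1094 POST http://revproxy.dweimer.local/upload - FIRSTUP_PARENT/127.0.0.1 text/html
1359495310.880 300512 192.168.5.100 TCP_MISS/200 1094 POST https://revproxy.dweimer.local/upload - FIRSTUP_PARENT/127.0.0.1 text/html
"""


def parse_line(line):
    """Return a dict of fields for one native-format line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = float(rec["ts"])
    rec["elapsed"] = int(rec["elapsed"])   # milliseconds, as Squid logs it
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def stalled_posts(lines, min_elapsed_ms=60000):
    """Body-carrying requests that ran at least min_elapsed_ms (assumed threshold)
    and were nevertheless logged with a 2xx status: the stall pattern to investigate."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue   # unparseable line (e.g. a different log format); skip it
        if rec["method"] in ("POST", "PUT") and rec["elapsed"] >= min_elapsed_ms \
                and 200 <= rec["status"] < 300:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for r in stalled_posts(SAMPLE_LOG.splitlines()):
        print(f"{r['elapsed'] / 1000:.1f}s {r['method']} {r['url']} from {r['client']}")
```

Comparing the http and https entries for the same path, as this sample does, is the quickest way to confirm the stall is specific to the TLS listener rather than the origin.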
Received on Tue Jan 29 2013 - 21:31:44 MST
