[squid-users] Re: transparent proxy on remote box issue

What I tried:

1)with clean.rules I can connect to VPN and access internet without any
issue
1b)On SQUID or VPN server curl -x http://localhost:3130 www.nba.com works
2) with proxy.rules VPN client get invalid URL (previously mentioned error).
proxy is not intercept or transparent

http_port 3130
http_access allow all

#used the first method
#http://www.tldp.org/HOWTO/TransparentProxy-6.html
export vpnclients=<VPN client IP; ex: 10.10.0.0/24>
export SQUID=<SQUID IP>
export SQUID_PORT=<SQUID PORT>

iptables -t nat -A PREROUTING -i eth0 ! -s ${SQUID} -p tcp --dport 80 -j
DNAT --to ${SQUID}:${SQUID_PORT}
iptables -t nat -A POSTROUTING -o eth0 -s ${vpnclients} -d ${SQUID} -j SNAT
--to ${SQUID}
iptables -A FORWARD -s ${vpnclients} -d ${SQUID} -i eth0 -o eth0 -p tcp --
dport ${SQUID_PORT} -j ACCEPT

It did mention that HTTP/1.0 will not work properly for some reason. It's
not possible to test the second method since EC2 classic doesn't allow me to
add a second network interface (I will probably have to try VPC later on)

I tried to understand the issue from the code but it wasn't 100% clear.

client_side.cc(2319) parseHttpRequest: HTTP Client local=<SQUID IP>:3130
remote=<VPN server>:65090 FD 10 flags=1
client_side.cc(2320) parseHttpRequest: HTTP Client REQUEST:
---------
GET / HTTP/1.1
Host: www.nba.com
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8^M
Cookie: s_fid=32FDC9FA0E2D94CE-297956A1143A207A; s_vi=
[CS]v1|28AFB9BC0501287A-600001094003481F[CE]^M
Connection: keep-alive
Accept-Language: en-us
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_2 like Mac OS X)
AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A501
Safari/9537.53

This looks good to me and works (test and works as a request) but then I see
this error message and then it went to show SQUID's error page. It doesn't
really tell me why it's not working.

client_side.cc(2603) clientProcessRequest: Invalid URL: /

When it works it shows like this (using cmd at 1b), notice FULL URL:

If I do a query of the URL
GET http://www.nba.com HTTP/1.1
User-Agent: curl/7.29.0
Host: www.nba.com
Accept: */*
Proxy-Connection: Keep-Alive

using tshark's log that VPN or SQUID side both contains the same request
info (it has full URI) but in SQUID's cache.log somehow hostname part is
missing. Is there a way for me to debug this by adding more debug logs?
It sounds like some logic is stripping that information. If it was stripped
before it arrived to SQUID then tshark's log would show it but I can clearly
see it in the tshark's log the full URI. Following is tshark log from
SQUID's box and the request is from iphone (over VPN).

0000 47 45 54 20 2f 5f 74 6f 75 63 68 2f 73 63 6f 72 GET /_touch/scor
0010 69 6e 67 2e 68 74 6d 6c 3f 67 61 6d 65 69 64 3d ing.html?gameid=
0020 30 30 31 31 33 30 30 30 39 38 20 48 54 54 50 2f 0011300098 HTTP/
0030 31 2e 31 0d 0a 48 6f 73 74 3a 20 6d 69 2e 6e 62 1.1..Host: mi.nb
0040 61 2e 63 6f 6d 0d 0a 52 65 66 65 72 65 72 3a 20 a.com..Referer:
0050 68 74 74 70 3a 2f 2f 6d 69 2e 6e 62 61 2e 63 6f http://mi.nba.co
0060 6d 2f 5f 74 6f 75 63 68 2f 74 65 61 6d 2e 68 74 m/_touch/team.ht
0070 6d 6c 3f 74 65 61 6d 63 6f 64 65 3d 70 65 6c 69 ml?teamcode=peli
0080 63 61 6e 73 26 61 62 62 72 3d 4e 4f 50 26 74 65 cans&abbr=NOP&te
0090 61 6d 69 64 3d 31 36 31 30 36 31 32 37 34 30 0d amid=1610612740.
00a0 0a 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 .Accept-Encoding
00b0 3a 20 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 0d : gzip, deflate.
00c0 0a 41 63 63 65 70 74 3a 20 74 65 78 74 2f 68 74 .Accept: text/ht
00d0 6d 6c 2c 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 ml,application/x
00e0 68 74 6d 6c 2b 78 6d 6c 2c 61 70 70 6c 69 63 61 html+xml,applica
00f0 74 69 6f 6e 2f 78 6d 6c 3b 71 3d 30 2e 39 2c 2a tion/xml;q=0.9,*
0100 2f 2a 3b 71 3d 30 2e 38 0d 0a 41 63 63 65 70 74 /*;q=0.8..Accept
0110 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e 2d 75 73 -Language: en-us
0120 0d 0a 43 6f 6f 6b 69 65 3a 20 5f 5f 67 61 64 73 ..Cookie: __gads
0130 3d 49 44 3d 61 36 61 64 31 61 61 32 30 63 32 38 =ID=a6ad1aa20c28
0140 64 62 39 61 3a 54 3d 31 33 38 32 37 32 35 36 37 db9a:T=138272567
0150 35 3a 53 3d 41 4c 4e 49 5f 4d 5a 4d 43 4c 76 36 5:S=ALNI_MZMCLv6
0160 4d 38 4d 31 52 6f 4c 4d 43 45 42 4e 4a 45 58 38 M8M1RoLMCEBNJEX8
0170 73 74 38 47 6f 67 3b 20 73 5f 66 69 64 3d 33 32 st8Gog; s_fid=32
0180 46 44 43 39 46 41 30 45 32 44 39 34 43 45 2d 32 FDC9FA0E2D94CE-2
0190 39 37 39 35 36 41 31 31 34 33 41 32 30 37 41 3b 97956A1143A207A;
01a0 20 73 5f 76 69 3d 5b 43 53 5d 76 31 7c 32 38 41 s_vi=[CS]v1|28A
01b0 46 42 39 42 43 30 35 30 31 32 38 37 41 2d 36 30 FB9BC0501287A-60
01c0 30 30 30 31 30 39 34 30 30 33 34 38 31 46 5b 43 0001094003481F[C
01d0 45 5d 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 E]..Connection:
01e0 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 43 61 63 68 keep-alive..Cach
01f0 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 e-Control: max-a
0200 67 65 3d 30 0d 0a 55 73 65 72 2d 41 67 65 6e 74 ge=0..User-Agent
0210 3a 20 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 69 : Mozilla/5.0 (i
0220 50 68 6f 6e 65 3b 20 43 50 55 20 69 50 68 6f 6e Phone; CPU iPhon
0230 65 20 4f 53 20 37 5f 30 5f 32 20 6c 69 6b 65 20 e OS 7_0_2 like
0240 4d 61 63 20 4f 53 20 58 29 20 41 70 70 6c 65 57 Mac OS X) AppleW
0250 65 62 4b 69 74 2f 35 33 37 2e 35 31 2e 31 20 28 ebKit/537.51.1 (
0260 4b 48 54 4d 4c 2c 20 6c 69 6b 65 20 47 65 63 6b KHTML, like Geck
0270 6f 29 20 56 65 72 73 69 6f 6e 2f 37 2e 30 20 4d o) Version/7.0 M
0280 6f 62 69 6c 65 2f 31 31 41 35 30 31 20 53 61 66 obile/11A501 Saf
0290 61 72 69 2f 39 35 33 37 2e 35 33 0d 0a 0d 0a ari/9537.53....

Thanks
Received on Fri Oct 25 2013 - 19:46:36 MDT