On 14/08/2014 6:12 a.m., Robert Cicerelli wrote:
> On 8/13/2014 7:22 AM, Amos Jeffries wrote:
>> On 13/08/2014 10:29 p.m., Robert Cicerelli wrote:
>>> Can anyone offer some help on this?
>>>
>>> I'm having a problem that just started after I implemented squid reverse
>>> proxy. I have a couple of applications on one of the apache servers
>>> behind the reverse proxy. Every time someone tries to upload relatively
>>> large files to the application (7 MB, 30 MB), they get the following
>>> error:
>>>
>>> Request Entity Too Large
>>>
>>> If I try to perform the same operation without going through the squid
>>> reverse proxy, the uploads work with no problems.
>>>
>>> I'm using proxy 3.1.20
>>> <https://github.com/pfsense/pfsense-packages/commits/master/config/31>
>>> on pfsense. I tried posting this issue on the pfsense support forums and
>>> I have gotten zero replies so I'm trying the squid mailing list. The
>>> situation has become a big problem so I would appreciate some help on
>>> this.
>>>
>>> A few parameters I've adjusted to various values with no success:
>>>
>>> Minimum object size
>>> Maximum object size
>>> Memory cache size
>>> Maximum download size
>>> Maximum upload size
>>>
>>> Thanks a lot
>>>
>> Can you provide a sample of the request HTTP headers being sent to Squid
>> for one of these failed uploads?
>>
>> Amos
>>
>>
>>
> One more thing to add that I just discovered:
The terminology used in your description may be clear when applied to an
origin server, but becomes unclear when applied to a proxy situation
(where there are two of everything).
>
> First a little background for the sake of clarification, I'm using squid
> in reverse proxy in order to forward appropriate https requests to
> multiple servers behind the firewall since we only have on public IP
> address.
Okay, so far good.
> In the particular instance I'm having a problem with, we have a
> web application on one of the web servers that's running over https.
Okay.
> So,
> I created a webserver in squid
Did you mean a http_port with "accel" configured? ...
> pointing to the IP of the actual
> webserver
... or a cache_peer directive?
> and I set the port to 443 since the web application on the
> web server is only configured to respond to 443.
... sounds like cache_peer. But, did you also set "ssl" flag and SSL/TLS
options to make the connection HTTPS, or just leave it sending HTTP to
port 443?
> Then i created a
> mapping group
a what?
> that listened for four https URIs, one of the URIs being
> the secure web application in question and I binded it to the webserver
> I created earlier.
huh? "binded" how exactly?
If you can provide your squid.conf it would be really helpful
understanding this.
Amos
>
> So now, as a test, I created a virtual host to listen on port 80 for the
> web application in question in addition to the virtual host listening on
> 443. I removed the URI for that app from the existing mapping group. I
> created another webserver in squid and this time instead of pointing it
> to port 443 I pointed to port 80. Then I created another mapping group
> that listened for the web application on 443 and I binded it to the
> newly created webserver which is now pointed to 80. I tested the file
> upload and it worked like a charm. So, the problem seems to arise when i
> create a web server in squid and point it to port 443 of the webserver.
> And just in case anyone asks, I did disable internal certificate. Not
> sure if that makes a difference.
>
> Hopefully what i wrote is clear and it will help pinpoint the problem.
>
> Thanks a lot
>
>
>
Received on Thu Aug 14 2014 - 12:11:14 MDT
This archive was generated by hypermail 2.2.0 : Thu Aug 14 2014 - 12:00:05 MDT