[squid-users] Invalid URL error for https site first time

From: Mark Krawec <[email protected]>
Date: Mon, 4 Apr 2005 14:50:18 -0700

Our configuration is squid-2.5.STABLE7 using squid_ldap_auth on RH 7.3.
Our browser is IE 6.0 SP1 and users are running W2k.
The problem is our users are getting an "invalid URL" error
page from Squid when they go to a secure site as their first destination.
If they go to a non-secure site first they have no problem going to the
secure site with the same browser. Once they get the "invalid URL" error
they can click refresh to go to the page. I've seen this asked before but
I've never seen a definitive answer on why this was happening and what was
at fault (IE or Squid).

A snippet of the packet trace is below. It's interesting because Squid says
it received a malformed URL which looks fine to me (packet #9). The other
interesting thing is the Proxy never sends the browser an indication that the
HTTP connection is established which I think has to happen before the browser
should send a GET. Does anyone know why this is happening and if there's a
fix or workaround?

Thanks,

Mark

No.  Time      Source       Destination  Protocol  Info
  1  0.000000  10.51.64.77  10.203.1.46  TCP       1428 > 8080 [SYN] Seq=0 Ack=0 Win=64512 Len=0 MSS=1460
  2  0.000033  10.203.1.46  10.51.64.77  TCP       8080 > 1428 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
  3  0.002918  10.51.64.77  10.203.1.46  TCP       1428 > 8080 [ACK] Seq=1 Ack=1 Win=64512 Len=0
  4  0.002989  10.51.64.77  10.203.1.46  HTTP      CONNECT www.krawecnet.com:443 HTTP/1.0
  5  0.003007  10.203.1.46  10.51.64.77  TCP       8080 > 1428 [ACK] Seq=1 Ack=199 Win=6432 Len=0
  6  0.003533  10.203.1.46  10.51.64.77  HTTP      HTTP/1.0 407 Proxy Authentication Required (text/html)
  7  0.003542  10.203.1.46  10.51.64.77  HTTP      Continuation or non-HTTP traffic
  8  0.005029  10.51.64.77  10.203.1.46  TCP       1428 > 8080 [ACK] Seq=199 Ack=1572 Win=64512 Len=0
  9  7.621070  10.51.64.77  10.203.1.46  HTTP      GET /cgi-bin/openwebmail/openwebmail.pl HTTP/1.0
 10  7.621571  10.203.1.46  10.51.64.77  HTTP      HTTP/1.0 400 Bad Request (text/html)
 
Here's the detail on Packet #10
 
No.  Time      Source       Destination  Protocol  Info
 10  6.623119  10.203.1.46  10.51.64.77  HTTP      HTTP/1.0 400 Bad Request (text/html)

_______________________________________________________________
Mark Krawec mark@krawecnet.com
"Earth First" (We'll strip mine the other planets later)
Received on Mon Apr 04 2005 - 15:50:21 MDT
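
Added example (not part of the original message, and not Squid code): a small Python check that replays the HTTP lines of the trace and flags a path-only request arriving on a proxy connection whose CONNECT was never answered with a 2xx. The TRACE list is constructed from packets 4, 6, 9 and 10 above; the function names are hypothetical.

```python
import re

# Constructed sample: HTTP lines from packets 4, 6, 9 and 10 of the trace.
# "C" = browser to proxy, "S" = proxy to browser.
TRACE = [
    ("C", "CONNECT www.krawecnet.com:443 HTTP/1.0"),
    ("S", "HTTP/1.0 407 Proxy Authentication Required"),
    ("C", "GET /cgi-bin/openwebmail/openwebmail.pl HTTP/1.0"),
    ("S", "HTTP/1.0 400 Bad Request"),
]
REQUEST = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$")
STATUS = re.compile(r"^HTTP/\d\.\d (\d{3})\b")

def target_form(method, target):
    """Classify the request-target the way a forward proxy has to."""
    if method == "CONNECT":
        return "authority"   # host:port, asks the proxy for a tunnel
    if re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", target):
        return "absolute"    # full URL, what a proxy expects for GET
    if target.startswith("/"):
        return "origin"      # path only, meant for an origin server
    return "other"

def audit(trace):
    """Return findings for one client connection to the proxy."""
    findings = []
    pending_connect = False  # CONNECT sent, reply not yet seen
    tunnel_open = False      # proxy answered CONNECT with a 2xx
    for direction, line in trace:
        if tunnel_open:
            continue         # everything after a 2xx belongs to the tunnel
        if direction == "C":
            m = REQUEST.match(line)
            if not m:
                continue
            form = target_form(*m.groups())
            pending_connect = form == "authority"
            if form == "origin":
                findings.append(f"origin-form request without tunnel: {line}")
        else:
            m = STATUS.match(line)
            if m and pending_connect:
                code = int(m.group(1))
                tunnel_open = 200 <= code < 300
                pending_connect = False
                if not tunnel_open:
                    findings.append(f"CONNECT answered with {code}; no tunnel")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(TRACE)))
```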