Re: [squid-users] website not showing up on http transparent squid

From: Tek Bahadur Limbu <[email protected]>
Date: Tue, 14 Aug 2007 13:29:58 +0545

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Jacob,

On Mon, 13 Aug 2007 14:13:49 -0500
"Jacob D. Myers" <jmyers@czconsulting.com> wrote:

>
> (From IE and Firefox there is simply a blank screen and a status of Done when requesting this site)
> (Here is my squid.conf:)
>
> http_port 3128 transparent
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> cache_mem 128 MB
> cache_dir null /null
> access_log /var/log/squid/access.log squid
> hosts_file /etc/hosts
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl unauthsites dstdomain "/etc/squid/unauthorized-sites"
> acl workstations src 10.0.10.0/255.255.255.0
> acl CONNECT method CONNECT
> acl our_network src 10.0.10.0/255.255.255.0
> no_cache deny all
> http_access allow manager localhost
> http_access deny manager
> http_access deny workstations unauthsites
> http_access allow our_network
> http_access allow localhost
> http_access deny all
> http_reply_access allow all
> always_direct allow all
> icp_access allow all
> cache_effective_group proxy
> visible_hostname ubprox
> coredump_dir /var/spool/squid

Your config seems fine.

>
> (All I get in access.log is:)
>
> 1187028327.093 229 10.0.10.62 TCP_MISS/200 4225 GET http://www.fnams.com/ - DIRECT/206.54.145.38 text/html

Your access.log shows your squid box fetching the request on behalf of your client.

>
> (This is what telnet to port 80 on my squid box gets:)
>
> HTTP/1.1 400 Bad Request ( The data is invalid. )
> Connection: close
> Pragma: no-cache
> Cache-Control: no-cache
> Content-Type: text/html
> Content-Length: 1714
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML dir=ltr><HEAD><TITLE>The page cannot be displayed</TITLE>
> <STYLE>A:link {
> FONT: 8pt/11pt verdana; COLOR: #ff0000
> }
> A:visited {
> FONT: 8pt/11pt verdana; COLOR: #4e4e4e
> }
> </STYLE>
>
> <META content=NOINDEX name=ROBOTS>
> <META http-equiv=Content-Type content="text-html; charset=Windows-1252">
>
> <META content="MSHTML 5.50.4522.1800" name=GENERATOR></HEAD>
> <BODY bgColor=#ffffff>
> <TABLE cellSpacing=5 cellPadding=3 width=410>
> <TBODY>
> <TR>
> <TD vAlign=center align=left width=360>
> <H1 style="FONT: 13pt/15pt verdana; COLOR: #000000"><!--Problem-->The page
> cannot be displayed</H1></TD></TR>
> <TR>
> <TD width=400 colSpan=2><FONT
> style="FONT: 8pt/11pt verdana; COLOR: #000000">There is a problem with the
> page you are trying to reach and it cannot be displayed.</FONT></TD></TR>
> <TR>
> <TD width=400 colSpan=2><FONT
> style="FONT: 8pt/11pt verdana; COLOR: #000000">
> <HR color=#c0c0c0 noShade>
>
> <P>Please try the following:</P>
> <UL>
> <LI>Click the Refresh button,
> or try again later.<BR>
> <LI>Open the Web site
> home page, and then look for links to the information you want.
> <LI>If you believe you should be able to view this directory or page,
> please contact the Web site administrator by using the e-mail address or
> phone number listed on the Web site
> home page. </LI></UL>
> <H2 style="FONT: 8pt/11pt verdana; COLOR: #000000">400 Bad Request - The data is invalid. (13)<BR>Internet Security and Acceleration Server</H2>
> </FONT></TD></TR></TBODY></TABLE></BODY></HTML>
> Connection closed by foreign host.

This shows your Squid box can fetch the URL from itself. Seems like they are running some kind of ISA server but I don't think it is the cause of your problem.

By the way, did you try running tcpdump?

>
> (From the windows client I get this from telnet port 80:)
>
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.or
> g/TR/html4/loose.dtd">
> <HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/
> html; charset=iso-8859-1">
> <TITLE>ERROR: The requested URL could not be retrieved
> </TITLE>
> <STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:ver
> dana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
> </HEAD><BODY>
> <H1>ERROR</H1
> >
> <H2>The requested URL could not be retrieved</H2>
> <HR noshade size="1px">
> <P>
> Whil
> e trying to process the request:
> <PRE>
>
>
> </PRE>
> <P>
> The following error was encountere
> d:
> <UL>
> <LI>
> <STRONG>
> Invalid Request
> </STRONG>
> </UL>
>
> <P>
> Some aspect of the HTTP Reques
> t is invalid. Possible problems:
> <UL>
> <LI>Missing or unknown request method
> <LI>Mi
> ssing URL
> <LI>Missing HTTP Identifier (HTTP/1.0)
> <LI>Request is too large
> <LI>Conte
> nt-Length missing for POST or PUT requests
> <LI>Illegal character in hostname; und
> erscores are not allowed
> </UL>
> <P>Your cache administrator is <A HREF="mailto:webm
> aster">webmaster</A>.
>
> <BR clear="all">
> <HR noshade size="1px">
> <ADDRESS>
> Generated
> Mon, 13 Aug 2007 18:10:42 GMT by ubprox (squid/2.6.STABLE5)
> </ADDRESS>
> </BODY></HT
> ML>
>
>
> Connection to host lost.

But it's strange why your clients can't fetch the URL transparently. Also you say that Opera can fetch it while Firefox and IE can't!

How does your IPTABLES redirection rules look like?

I can't remember the exact syntax but you can put a rule above your transproxy redirection rule to allow your clients to fetch the URL directly instead of going through the proxy

Or maybe upgrading to Squid-2.6.14 might work!

Thanking you...

>
>
> Thank you,
> Jacob D Myers
>
>
>
> -----Original Message-----
> From: Tek Bahadur Limbu [mailto:teklimbu@wlink.com.np]
> Sent: Monday, August 13, 2007 1:37 PM
> To: Jacob D. Myers
> Cc: Henrik Nordstrom; squid-users@squid-cache.org
> Subject: Re: [squid-users] website not showing up on http transparent squid
>
> Jacob D. Myers wrote:
> > Interesting, I wonder if that is because I have it running transparently.
>
> Hi Jacob,
>
> I can access www.fnams.com with my transparent proxy setup.
> Can you telnet to www.fnams.com on port 80 from your Squid proxy in the
> first place if not from the user's end?
>
> What is the exact error that Squid reports when trying to access it
> transparently from the user's end?
>
> I bet your best tool would be running tcpdump and check if some kind of
> firewall is actually coming in your way.
>
> Also what does your cache.log and access.log say?
>
>
> Thanking you...
>
>
> >
> > Thank you,
> > Jacob D. Myers
> >
> >
> > -----Original Message-----
> > From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
> > Sent: Monday, August 13, 2007 11:37 AM
> > To: Jacob D. Myers
> > Cc: squid-users@squid-cache.org
> > Subject: Re: [squid-users] website not showing up on http transparent squid
> >
> > On m�n, 2007-08-13 at 09:18 -0500, Jacob D. Myers wrote:
> >> Hello, this is my first time posting.
> >> I have a client that is trying to request www.fnams.com.
> >> There are no errors in the log files, and squid is not reporting any
> >> problems but the site simply will not display in IE6 or Firefox 2.
> >
> > Works for me using Firefox 2.0.0.5 with Squid configured as a proxy.
> >
> > Regards
> > Henrik
> >
> >
> >
>
>
> --
>
> With best regards and good wishes,
>
> Yours sincerely,
>
> Tek Bahadur Limbu
>
> (TAG/TDG Group)
> Jwl Systems Department
>
> Worldlink Communications Pvt. Ltd.
>
> Jawalakhel, Nepal
>
> http://www.wlink.com.np
>

- --

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)

iD8DBQFGwV12fpE0pz+xqQQRAtl6AJ0fS6Xzajs+Vw8RVIeLevrjPb4YIgCgkfdp
RL0Du2H0R7v0REV/uHkut+c=
=Rd91
-----END PGP SIGNATURE-----
Received on Tue Aug 14 2007 - 01:44:42 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT