Netgate Discussion Forum

    squid invalidates https requests

    • adamw
      last edited by adamw

      Hi all,

      I run squid-3.5.27_3 on pfSense 2.4.4 as well as an in-house Sugar CRM server.

      Recently Sugar license validation and update checks made to https://updates.sugarcrm.com/heartbeat/soap.php started failing (no changes made at our end).

      Squid logs only produce 2 lines:

      1587737506.670      0 192.168.5.30 TAG_NONE/400 4360 NONE error:invalid-request - HIER_NONE/- text/html
      1587737506.978    301 192.168.5.30 TCP_MISS/301 464 POST http://updates.sugarcrm.com/heartbeat/soap.php - HIER_DIRECT/54.177.58.238 text/html
      

      Increasing debug level to 9 hasn't added anything to this output and actually prevented squid from starting:

      Apr 27 12:38:54	(squid-1)		UFSSwapDir::openLog: Failed to open swap log.
      

      Fixed with:

      chown squid:proxy /var/squid/cache/swap.state*
      

      The same requests go through fine directly (bypassing squid).

      It appears that squid has decided to invalidate them.

      Tcpdump on the source reveals the following:

      HTTP/1.1 400 Bad Request
      Server: squid/3.5.27
      Mime-Version: 1.0
      Date: Mon, 27 Apr 2020 13:34:47 GMT
      Content-Type: text/html;charset=utf-8
      Content-Length: 4000
      X-Squid-Error: ERR_INVALID_REQ 0
      Vary: Accept-Language
      Content-Language: en
      X-Cache: MISS from PROXY
      X-Cache-Lookup: NONE from PROXY:3128
      Via: 1.1 PROXY (squid/3.5.27)
      Connection: close
      

      It also produces:

      Some possible problems are:
      - Missing or unknown request method.
      - Missing URL.
      - Missing HTTP Identifier (HTTP/1.0).
      - Request is too large.
      - Content-Length missing for POST or PUT requests.
      - Illegal character in hostname; underscores are not allowed.
      - HTTP/1.1 feature is being asked from an HTTP/1.0 software.
      

      Can I determine which of the above is actually causing failures?

      Why has it suddenly stopped working in March without any changes being made AFAIK?

      Thanks,
      Adam
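
One way to narrow down which of the listed reasons applies to a request taken from a packet capture, as an added example that is not part of the original post and is not Squid's own parser. The names `diagnose` and `KNOWN_METHODS`, the 64 KB size limit, the reading of "HTTP/1.1 feature" as `Transfer-Encoding` on an HTTP/1.0 request, and the sample request are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a typical method set; Squid's own method table is larger.
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT", "PATCH"}

def diagnose(raw: bytes, max_header_bytes: int = 64 * 1024) -> list[str]:
    """Return the reasons from the ERR_INVALID_REQ page that match one captured request."""
    head = raw.split(b"\r\n\r\n", 1)[0]            # request line + headers, body dropped
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split()
    method = parts[0] if parts else ""
    url = parts[1] if len(parts) > 1 else ""
    version = parts[2] if len(parts) > 2 else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    found = []
    if method not in KNOWN_METHODS:
        found.append("Missing or unknown request method.")
    if not url:
        found.append("Missing URL.")
    if not version.startswith("HTTP/"):
        found.append("Missing HTTP Identifier (HTTP/1.0).")
    if len(head) > max_header_bytes:               # assumed limit, adjust to the proxy's setting
        found.append("Request is too large.")
    has_length = "content-length" in headers or "transfer-encoding" in headers
    if method in ("POST", "PUT") and not has_length:
        found.append("Content-Length missing for POST or PUT requests.")
    # Hostname comes from an absolute URL (proxy form), otherwise from the Host header.
    host = urlsplit(url).hostname if "://" in url else headers.get("host", "").split(":")[0]
    if host and "_" in host:
        found.append("Illegal character in hostname; underscores are not allowed.")
    if version == "HTTP/1.0" and "transfer-encoding" in headers:
        found.append("HTTP/1.1 feature is being asked from an HTTP/1.0 software.")
    return found

# Constructed sample, not taken from the original capture: a POST without Content-Length.
SAMPLE = (b"POST http://updates.sugarcrm.com/heartbeat/soap.php HTTP/1.1\r\n"
          b"Host: updates.sugarcrm.com\r\n"
          b"Content-Type: text/xml\r\n\r\n<soap/>")

if __name__ == "__main__":
    for reason in diagnose(SAMPLE):
        print(reason)
```

Feed it the raw bytes of the client request that preceded the 400 response in the capture; an empty result means none of these simple checks matched and the request needs closer inspection.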
