Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    squid invalidates https requests

    Scheduled Pinned Locked Moved Cache/Proxy
    1 Posts 1 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • adamwA
      adamw
      last edited by adamw

      Hi all,

      I run squid-3.5.27_3 on pfSense 2.4.4 as well as in house Sugar CRM server.

      Recently Sugar license validation and updates checks made to https://updates.sugarcrm.com/heartbeat/soap.php started failing (no changes made at our end).

      Squid logs only produce 2 lines:

      1587737506.670      0 192.168.5.30 TAG_NONE/400 4360 NONE error:invalid-request - HIER_NONE/- text/html
1587737506.978    301 192.168.5.30 TCP_MISS/301 464 POST http://updates.sugarcrm.com/heartbeat/soap.php - HIER_DIRECT/54.177.58.238 text/html

      Increasing debug level to 9 hasn't added anything to this output and actually prevented squid from starting:

      Apr 27 12:38:54	(squid-1)		UFSSwapDir::openLog: Failed to open swap log.

      Fixed with:

      chown squid:proxy /var/squid/cache/swap.state*

      The same requests go through fine directly (bypassing squid).

      It appears that squid has decided to invalidate them.

      Tcpdump in source reveals the following:

      HTTP/1.1 400 Bad Request
Server: squid/3.5.27
Mime-Version: 1.0
Date: Mon, 27 Apr 2020 13:34:47 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 4000
X-Squid-Error: ERR_INVALID_REQ 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from PROXY
X-Cache-Lookup: NONE from PROXY:3128
Via: 1.1 PROXY (squid/3.5.27)
Connection: close

      It also produces:

      Some possible problems are:
- Missing or unknown request method.
- Missing URL.
- Missing HTTP Identifier (HTTP/1.0).
- Request is too large.
- Content-Length missing for POST or PUT requests.
- Illegal character in hostname; underscores are not allowed.
- HTTP/1.1 feature is being asked from an HTTP/1.0 software.

      Can I determine which of the above is actually causing failures?

      Why has it suddenly stopped working in March without any changes being made AFAIK?

      Thanks,
      Adam

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.