squid invalidates https requests
Hi all,
I run squid-3.5.27_3 on pfSense 2.4.4 as well as an in-house Sugar CRM server.
Recently, Sugar license validation and update checks made to https://updates.sugarcrm.com/heartbeat/soap.php started failing (no changes made at our end).
Squid logs only produce 2 lines:
1587737506.670 0 192.168.5.30 TAG_NONE/400 4360 NONE error:invalid-request - HIER_NONE/- text/html
1587737506.978 301 192.168.5.30 TCP_MISS/301 464 POST http://updates.sugarcrm.com/heartbeat/soap.php - HIER_DIRECT/54.177.58.238 text/html
Increasing debug level to 9 hasn't added anything to this output and actually prevented squid from starting:
Apr 27 12:38:54 (squid-1) UFSSwapDir::openLog: Failed to open swap log.
Fixed with:
chown squid:proxy /var/squid/cache/swap.state*
The same requests go through fine directly (bypassing squid).
It appears that squid has decided to invalidate them.
Tcpdump in source reveals the following:
HTTP/1.1 400 Bad Request
Server: squid/3.5.27
Mime-Version: 1.0
Date: Mon, 27 Apr 2020 13:34:47 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 4000
X-Squid-Error: ERR_INVALID_REQ 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from PROXY
X-Cache-Lookup: NONE from PROXY:3128
Via: 1.1 PROXY (squid/3.5.27)
Connection: close
It also produces:
Some possible problems are:
- Missing or unknown request method.
- Missing URL.
- Missing HTTP Identifier (HTTP/1.0).
- Request is too large.
- Content-Length missing for POST or PUT requests.
- Illegal character in hostname; underscores are not allowed.
- HTTP/1.1 feature is being asked from an HTTP/1.0 software.
Can I determine which of the above is actually causing failures?
Why has it suddenly stopped working in March without any changes being made AFAIK?
Thanks,
Adam
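
An added example, not part of the original post and not pfSense or Squid project code: a parser for Squid's native access.log format that pairs each error:invalid-request entry with the requests Squid did accept from the same client within a short window, run over the two log lines quoted above. The 2-second window and the function names are assumptions chosen for illustration.

```python
from typing import NamedTuple

# The two access.log entries quoted in the post, one per line.
SAMPLE_LOG = """\
1587737506.670 0 192.168.5.30 TAG_NONE/400 4360 NONE error:invalid-request - HIER_NONE/- text/html
1587737506.978 301 192.168.5.30 TCP_MISS/301 464 POST http://updates.sugarcrm.com/heartbeat/soap.php - HIER_DIRECT/54.177.58.238 text/html
"""

class Entry(NamedTuple):
    ts: float          # UNIX timestamp with milliseconds
    elapsed_ms: int
    client: str
    result: str        # e.g. TAG_NONE, TCP_MISS
    status: int        # HTTP status returned to the client
    size: int
    method: str
    url: str
    peer: str          # hierarchy code / upstream address

def parse_line(line):
    """Parse one line of Squid's native access.log format; None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    result, _, status = f[3].partition("/")
    try:
        return Entry(float(f[0]), int(f[1]), f[2], result, int(status),
                     int(f[4]), f[5], f[6], f[8])
    except ValueError:
        return None

def correlate_invalid(log_text, window=2.0):
    """Pair each rejected request with same-client entries within `window` seconds."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    pairs = []
    for bad in entries:
        if bad.url != "error:invalid-request":
            continue
        near = [e for e in entries if e is not bad
                and e.client == bad.client and abs(e.ts - bad.ts) <= window]
        pairs.append((bad, near))
    return pairs

if __name__ == "__main__":
    for bad, near in correlate_invalid(SAMPLE_LOG):
        print(f"{bad.ts:.3f} {bad.client} rejected with {bad.status} ({bad.size} bytes)")
        for e in near:
            print(f"  nearby: {e.method} {e.url} -> {e.status} via {e.peer}")
```

Squid logs a rejected request with method NONE because it never got as far as parsing one, so the neighbouring entries from the same client are the only access.log context for what was being attempted.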