[Resolved] Squid error after update 2.0-RC3 (i386) built on Tue Aug 30



  • I receive a squid (version 2.7.9_4.1) "Invalid Request" error message, after updating to 2.0-RC3 (i386) built on Tue Aug 30 18:46:28 EDT 2011

    This is frequently due to squid's parameter "request_body_max_size" set value lower than 1 MB, but I's set to
    "request_body_max_size 0 KB" (unlimited)

    
    cache.log : 
    2011/08/31 15:58:55| clientTryParseRequest: FD 23 (10.0.0.9:2108) Invalid Request
    2011/08/31 15:58:56| clientTryParseRequest: FD 23 (10.0.0.9:2109) Invalid Request
    2011/08/31 16:05:08| clientTryParseRequest: FD 23 (10.0.0.9:2111) Invalid Request
    
    
    
    access.log : 
    1314799136.857      0 10.0.0.9 TCP_DENIED/400 2297 GET NONE:// - NONE/- text/html
    1314799508.667      0 10.0.0.9 TCP_DENIED/400 2395 GET NONE:// - NONE/- text/html
    
    

    Squid conf  :

    Do not edit manually !

    http_port 10.0.0.10:3128
    http_port 127.0.0.1:3128
    http_port 127.0.0.1:3128 transparent
    icp_port 0

    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_directory /usr/local/etc/squid/errors/French
    icon_directory /usr/local/etc/squid/icons
    visible_hostname Parefeu-test
    cache_mgr xxxx
    access_log /var/squid/log/access.log
    cache_log /var/squid/log/cache.log
    cache_store_log none
    logfile_rotate 7
    shutdown_lifetime 3 seconds

    Allow local network(s) on interface(s)

    acl localnet src  10.0.0.0/255.255.255.0 127.0.0.0/255.0.0.0
    forwarded_for off
    httpd_suppress_version_string on
    uri_whitespace strip

    cache_mem 256 MB
    maximum_object_size_in_memory 32 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    cache_dir ufs /var/squid/cache 5000 16 256
    minimum_object_size 0 KB
    maximum_object_size 4096 KB
    offline_mode off
    cache_swap_low 90
    cache_swap_high 95

    No redirector configured

    Setup some default acls

    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 445 3128 1025-65535
    acl sslports port 443 563 445
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    acl dynamic urlpath_regex cgi-bin ?
    acl unrestricted_hosts src '/var/squid/acl/unrestricted_hosts.acl'
    cache deny dynamic
    http_access allow manager localhost
     
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports

    Always allow localhost connections

    http_access allow localhost

    request_body_max_size 0 KB
    reply_body_max_size 0 deny all
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow all

    Custom options

    tcp_outgoing_address 127.0.0.1
    redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
    redirector_bypass on
    redirect_children 3

    These hosts do not have any restrictions

    http_access allow unrestricted_hosts

    Setup allowed acls

    Allow local network(s) on interface(s)

    http_access allow localnet

    Default block all to be sure

    http_access deny all



  • I've found the problem :

    Disable loopback interface in squid and everything goes on.



  • I encountered the same problem on august 30th build.  I've corrected the problem by removing middle line and restarting squid:

    http_port 10.0.0.10:3128
    http_port 127.0.0.1:3128
    http_port 127.0.0.1:3128 transparent

    Is this a bug or newly introduced feature? I've checked my old squid.conf and 2nd line wasn't present there.



  • @nl:

    I've found the problem :

    Disable loopback interface in squid and everything goes on.

    I've checked my squid.conf after applying your method and I think I understand now - your fix does exactly the same thing as mine.
    Simply after adding loopback interface squid puts incorrectly
    http_port 127.0.0.1:3128
    thus disabling next line with transparent option, so it's a slight change in GUI interpretation in the latest version of squid package.


Log in to reply