[SOLVED] Squid3 reverse proxy: problem with Microsoft Web Service - HTTP 417 err



  • Hello everybody.
    I am replacing a Forefront 2010 firewall with pfSense.

    I have only one problem that is blocking me: the reverse proxy (package squid3) causes problems when calling Web Services (WSDL, written in C#) that are behind the pfSense firewall (it works fine if I directly forward port 80 to the IIS web server, using a firewall rule in pfSense... but I have 2 Web Servers and I need the reverse proxy).

    I can correctly see the WSDL Web Service description from a browser and access other web sites that are hosted on the two IIS servers.

    The exception that I get when calling the Web Service is the following:

    An error occurred while receiving the HTTP response to http://xxx.com/yyy.asmx. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details

    I searched online and I found that the problem could be something related to a non-compliance in HTTP/1.1 of the Web Service… and this could solve the problem: http://www.squid-cache.org/Doc/config/ignore_expect_100/
    but I don't know how to enable this option for the REVERSE PROXY (NOT THE PROXY SERVER) of squid3, in pfSense. Can anybody help me?

    Another solution COULD be to use HTTP/1.0 instead of HTTP/1.1 in squid3's reverse proxy… but how?

    Thank you

    EDIT: inspecting with Fiddler, on the client side, I get the following error with HTTP 417 status:

    ERROR

    The requested URL could not be retrieved

    --------------------------------------------------------------------------------

    Invalid Request error was encountered while trying to process the request:

    POST /yyy.asmx HTTP/1.1
    Content-Type: text/xml; charset=utf-8
    SOAPAction: "http://XXXXX.com/GetXXXX"
    Host: YYY.domainXXX.com
    Content-Length: 441
    Expect: 100-continue
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive

    Some possible problems are:

    •Missing or unknown request method.

    •Missing URL.

    •Missing HTTP Identifier (HTTP/1.0).

    •Request is too large.

    •Content-Length missing for POST or PUT requests.

    •Illegal character in hostname; underscores are not allowed.

    •HTTP/1.1 «Expect:» feature is being asked from an HTTP/1.0 software.

    Your cache administrator is admin@localhost.

    Generated Wed, 01 Oct 2014 15:25:26 GMT by localhost (squid/3.1.22)

    On server side (IIS) I have no errors.



  • Ok I found 2 solutions:

    1. the good one is to simply add the following line in pfSense web configuration, Services, Proxy server, General, Custom Settings, Custom Options:

    ignore_expect_100 on

    yes, it works also for the REVERSE proxy.

    2. the bad one (just to know it exists) is to modify the source code of the web services' CLIENT SIDEs, in C#, by adding this line:

    System.Net.ServicePointManager.Expect100Continue = false;

    before instantiating the SoapClient object: MySoapClient My_WS_Client = new MySoapClient(); .
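
The check below is an added example, not part of the original posts: it replays the `Expect: 100-continue` handshake from the failing request, so the reverse proxy can be tested before and after the `ignore_expect_100 on` change without touching the C# clients. The `probe_expect` and `stub_proxy` names, the placeholder body, and the stub's behaviour are assumptions; the stub is a constructed local stand-in for a proxy that either rejects or ignores the header, not Squid itself.

```python
import socket
import threading

BODY = b"<probe/>"  # constructed placeholder, not a real SOAP envelope

def _status(raw):
    parts = raw.split(b" ", 2)       # e.g. b"HTTP/1.0 417 Expectation failed..."
    return int(parts[1].decode()) if len(parts) > 1 else None

def probe_expect(host, port, path, vhost, wait=0.5):
    """POST with Expect: 100-continue; return (interim_status, final_status)."""
    head = (f"POST {path} HTTP/1.1\r\nHost: {vhost}\r\n"
            "Content-Type: text/xml; charset=utf-8\r\n"
            f"Content-Length: {len(BODY)}\r\n"
            "Expect: 100-continue\r\nConnection: close\r\n\r\n").encode()
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(head)              # headers only; the body is withheld
        s.settimeout(wait)           # window for "100 Continue" or a rejection
        try:
            first = _status(s.recv(4096))
        except socket.timeout:
            first = None             # proxy ignored Expect and said nothing
        if first not in (None, 100):
            return None, first       # e.g. 417: refused before any body was sent
        s.settimeout(5)
        s.sendall(BODY)              # continue as a real client would
        return first, _status(s.recv(4096))

def stub_proxy(reject_expect):
    """Constructed one-shot local stand-in (not Squid); returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            head = b""
            while b"\r\n\r\n" not in head:
                head += conn.recv(4096)
            if reject_expect and b"expect: 100-continue" in head.lower():
                conn.sendall(b"HTTP/1.0 417 Expectation failed\r\n\r\n")
                return
            conn.recv(4096)          # stay silent until the body arrives
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for reject in (True, False):     # rejecting proxy, then one that ignores Expect
        print(reject, probe_expect("127.0.0.1", stub_proxy(reject), "/yyy.asmx", "YYY.domainXXX.com"))
```

A result of `(None, 417)` is the failure shown in the Fiddler capture; `(100, ...)` or `(None, 200)` means the request body was accepted.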