Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED] Squid3 reverse proxy: problem with Microsoft Web Service - HTTP 417 err

    pfSense Packages
    1
    2
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nss
      last edited by

      Hello everybody.
      I am replacing a Forefront 2010 firewall with PfSense.

      I have only one problem that is blocking me: the reverse proxy (package squid3) causes problems when calling Web Services (WDSL, written in C#) that are behind the PfSense firewall (it works fine if I directly forward port 80 to the IIS web server, using a firewall rule in PfSense.. but I have 2 Web Servers and I need the reverse proxy).

      I can correctly see the WSDL Web Service description from a browser and access other web sites that are hosted on the two IIS servers.

      The exception that I get when calling the Web Service is the following:

      An error occurred while receiving the HTTP response to http://xxx.com/yyy.asmx. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details

      I searched online and I found that the problem could be something related to a non-compliance in HTTP/1.1 of the Web Service… and this could solve the problem: http://www.squid-cache.org/Doc/config/ignore_expect_100/
      but I don't know how to enable this option for the REVERSE PROXY (NOT THE PROXY SERVER) of squid3, in PfSense. Can anybody help me?

      Another solution COULD be to use HTTP/1.0 instead of HTTP/1.1 in squid3's reverse proxy… but how?

      Thank you

      EDIT: inspecting with fiddler, on the client side, I get the following error with HTTP 417 status:

      ERROR

      The requested URL could not be retrieved

      –------------------------------------------------------------------------------

      Invalid Request error was encountered while trying to process the request:

      POST /yyy.asmx HTTP/1.1
      Content-Type: text/xml; charset=utf-8
      SOAPAction: "http://XXXXX.com/GetXXXX"
      Host: YYY.domainXXX.com
      Content-Length: 441
      Expect: 100-continue
      Accept-Encoding: gzip, deflate
      Connection: Keep-Alive

      Some possible problems are:

      •Missing or unknown request method.

      •Missing URL.

      •Missing HTTP Identifier (HTTP/1.0).

      •Request is too large.

      •Content-Length missing for POST or PUT requests.

      •Illegal character in hostname; underscores are not allowed.

      •HTTP/1.1 «Expect:» feature is being asked from an HTTP/1.0 software.

      Your cache administrator is admin@localhost.

      Generated Wed, 01 Oct 2014 15:25:26 GMT by localhost (squid/3.1.22)

      On server side (IIS) I have no errors.

      1 Reply Last reply Reply Quote 0
      • N
        nss
        last edited by

        Ok I found 2 solutions:

        1. the good one is to simply add the following line in PfSense web configuration, Services, Proxy server, General, Custom Settings, Custom Options:

        ignore_expect_100 on

        yes, it works also for the REVERSE proxy.

        2. the bad one (just to know it exists) is to modify the source code of the web services' CLIENT SIDEs, in C#, by adding this line:

        System.Net.ServicePointManager.Expect100Continue = false;

        before instantiating the SoapClient object: MySoapClient My_WS_Client = new MySoapClient(); .

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.