> > > On 8/8/19 3:29 PM, Tom Karches wrote: > > > I am in the process of upgrading our Squid proxy server from 3.1 (on > > RHEL6) to 3.3 (on RHEL7). > > It could have been worse! For example, you could ask a question about > upgrading Squid from v1.0 to v2.0... I will try to help, but I do not > remember much about v3.3 specifics. >
I realize that it's a bit old. It is the default for RHEL 7 and unless there is a specific reason to update to the latest version, I usually stick with the default. The current proxy is 3.1 and totally works for our application. > > No, simply logging HTTP CONNECT requests does not require bumping SSL. > > Great. Don't want to go down that path. > > I used curl to test the new proxy. When I attempt to proxy an external > > https connection, this is the result : > > > $ curl --proxy http://127.0.0.1:3128 https://www.google.com > > curl: (56) Received HTTP code 503 from proxy after CONNECT > > Your Squid told curl that something went wrong. If you look at the > actual response, you may know what went wrong. The same information may > be available in Squid access.log, but the error response may have more > details than a log record. Please share that info here if it does not > point you to a solution. > > > Where should I be looking for the problem? > > In Squid response to curl. You can use curl tracing options or Wireshark > to see it. Squid access.log may have some clues as well. > > > > With this command : $curl --trace --proxy http://127.0.0.1:3128 https://www.google.com I get the HTML of the page, with this near the top : <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css"><!-- and then : <div id="content"> <p>The following error was encountered while trying to retrieve the URL: <a href="/">/</a></p> <blockquote id="error"> <p><b>Invalid URL</b></p> </blockquote> and no 503 error at the end. Getting this in access.log : 1565358617.666 0 127.0.0.1 TAG_NONE/400 3958 GET / - HIER_NONE/- text/html Which seems odd. So the page is being delivered, but I don't see it unless --trace is turned on. When I use : curl --proxy http://127.0.0.1:3128 https://www.google.com I get this in access.log : 1565358720.756 2 127.0.0.1 TAG_NONE/503 0 CONNECT www.google.com:443 - HIER_NONE/- - My http_port directive is set as such : # Squid normally listens to port 3128 http_port 3128 This is an explicit proxy so everything should be going through 3128. I don't feel so bad about not figuring this out sooner. There was a thread with a similar problem on the list (though it was not helpful) where they were still stuck at this point after a month. I've only spent a week. Thanks, Tom -- Thomas Karches NCSU OIT CSI - Systems Specialist M.E Student - Technology Education Hillsborough 319 / 919.515.5508
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
