Squid reverse proxy does not respond to some HTTPS requests for a specific website, with "NONE/400 3708 NONE error:invalid-request"
by emohamad from LinuxQuestions.org on (#5RKVP)
Hi everyone!
This is my Squid reverse proxy configuration:
squid -k parse
2021/11/07 04:49:17| Startup: Initializing Authentication Schemes ...
2021/11/07 04:49:17| Startup: Initialized Authentication Scheme 'basic'
2021/11/07 04:49:17| Startup: Initialized Authentication Scheme 'digest'
2021/11/07 04:49:17| Startup: Initialized Authentication Scheme 'negotiate'
2021/11/07 04:49:17| Startup: Initialized Authentication Scheme 'ntlm'
2021/11/07 04:49:17| Startup: Initialized Authentication.
2021/11/07 04:49:17| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2021/11/07 04:49:17| Processing: acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
2021/11/07 04:49:17| Processing: acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
2021/11/07 04:49:17| Processing: acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
2021/11/07 04:49:17| Processing: acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
2021/11/07 04:49:17| Processing: acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
2021/11/07 04:49:17| Processing: acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
2021/11/07 04:49:17| Processing: acl localnet src fc00::/7 # RFC 4193 local private network range
2021/11/07 04:49:17| Processing: acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
2021/11/07 04:49:17| Processing: acl SSL_ports port 443
2021/11/07 04:49:17| Processing: acl Safe_ports port 80 # http
2021/11/07 04:49:17| Processing: acl Safe_ports port 21 # ftp
2021/11/07 04:49:17| Processing: acl Safe_ports port 443 # https
2021/11/07 04:49:17| Processing: acl Safe_ports port 70 # gopher
2021/11/07 04:49:17| Processing: acl Safe_ports port 210 # wais
2021/11/07 04:49:17| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2021/11/07 04:49:17| Processing: acl Safe_ports port 280 # http-mgmt
2021/11/07 04:49:17| Processing: acl Safe_ports port 488 # gss-http
2021/11/07 04:49:17| Processing: acl Safe_ports port 591 # filemaker
2021/11/07 04:49:17| Processing: acl Safe_ports port 777 # multiling http
2021/11/07 04:49:17| Processing: acl CONNECT method CONNECT
2021/11/07 04:49:17| Processing: http_access deny !Safe_ports
2021/11/07 04:49:17| Processing: http_access deny CONNECT !SSL_ports
2021/11/07 04:49:17| Processing: http_access allow localhost manager
2021/11/07 04:49:17| Processing: http_access deny manager
2021/11/07 04:49:17| Processing: include /etc/squid/conf.d/*
2021/11/07 04:49:17| Processing Configuration File: /etc/squid/conf.d/debian.conf (depth 1)
2021/11/07 04:49:17| Processing: logfile_rotate 0
2021/11/07 04:49:17| Processing: http_access allow localhost
2021/11/07 04:49:17| Processing: http_access allow all
2021/11/07 04:49:17| Processing: http_port 80 accel defaultsite=reversep.emo.ir
2021/11/07 04:49:17| Processing: http_port 443 accel defaultsite=reversep.emo.ir no-vhost tls-cert=/etc/squid/certs/squid-ca-cert-key.pem tls-cert=/etc/squid/certs/squid-ca-cert-key.pem
2021/11/07 04:49:17| Processing: cache_peer reversep.emo.ir parent 23751 0 no-query no-digest
2021/11/07 04:49:17| Processing: refresh_pattern ^ftp: 1440 20% 10080
2021/11/07 04:49:17| Processing: refresh_pattern ^gopher: 1440 0% 1440
2021/11/07 04:49:17| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2021/11/07 04:49:17| Processing: refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
2021/11/07 04:49:17| Processing: refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
2021/11/07 04:49:17| Processing: refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
2021/11/07 04:49:17| Processing: refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
2021/11/07 04:49:17| Processing: refresh_pattern . 0 20% 4320
2021/11/07 04:49:17| Initializing https:// proxy context
2021/11/07 04:49:17| Initializing http_port [::]:443 TLS contexts
2021/11/07 04:49:17| Using certificate in /etc/squid/certs/squid-ca-cert-key.pem
2021/11/07 04:49:17| Using key in /etc/squid/certs/squid-ca-cert-key.pem
=============================================================================
These certificates were exported via:
openssl s_client -showcerts -connect xyz.com:443
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The client requests xyz.com, which is publicly known like yahoo.com.
The access.log response is shown below:
10.1.1.10 NONE/400 3708 NONE error:invalid-request - HIER_NONE/- text/html
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The client has access to Squid and pings reversep.emo.ir correctly. I would appreciate it if you could help me out.
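
An added example, not part of the original post: a parser for Squid's native access.log format that separates entries like the one quoted above (method `NONE`, URL `error:...`, `HIER_NONE`, meaning Squid could not parse the bytes it received as an HTTP request and contacted no peer) from denied and forwarded requests, counted per client. The function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample. Line 1 is the entry quoted in the post (it was posted
# without the timestamp and elapsed-time columns); the rest are made up.
SAMPLE_LOG = """\
10.1.1.10 NONE/400 3708 NONE error:invalid-request - HIER_NONE/- text/html
1636260557.123     42 10.1.1.11 TCP_MISS/200 5120 GET http://reversep.emo.ir/ - FIRSTUP_PARENT/192.0.2.10 text/html
1636260558.456      0 10.1.1.10 NONE/400 3708 NONE error:invalid-request - HIER_NONE/- text/html
1636260559.789      1 10.1.1.12 TCP_DENIED/403 3900 GET http://other.example/ - HIER_NONE/- text/html
"""

# Native format: [time elapsed] client result/status bytes method url user hier/peer type
LINE_RE = re.compile(
    r"^(?:(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+)?"
    r"(?P<client>\S+)\s+(?P<result>\w+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line is not a native-format entry."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(entry):
    # No method and an "error:" pseudo-URL: the input never parsed as an HTTP
    # request (for example non-HTTP bytes arriving on a plain-HTTP listener).
    if entry["method"] == "NONE" and entry["url"].startswith("error:"):
        return "unparsed"
    if entry["result"].startswith("TCP_DENIED"):
        return "denied"        # parsed, then rejected by http_access
    if entry["hier"] == "HIER_NONE":
        return "local"         # answered without contacting a peer or origin
    return "forwarded"

def triage(log_text):
    """Count entry classes per client address."""
    per_client = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            per_client.setdefault(entry["client"], Counter())[classify(entry)] += 1
    return per_client

if __name__ == "__main__":
    for client, counts in sorted(triage(SAMPLE_LOG).items()):
        print(client, dict(counts))
```
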