Fwd: Encrypted browser-squid connection

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Fwd: Encrypted browser-squid connection

supraja sridhar
Hi,
When I try out the encrypted browser-squid connection, no URL loads. I get the following error message in the squid access log.

1541989360.999      0 XXX.XX.XXX.XX NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -

I have Firefox-59.0.1 running on Ubuntu  loaded with the following pac file
function FindProxyForURL(url, host)
{
 return "HTTPS XXX.XX.XXX.XXX:3129"
}

Squid-version: 4.4 and it runs on  Ubuntu 16.04.5 OS.

Can someone please help me debug this further?

Thanks,
Supraja



--
Regards,
S.SUPRAJA
MIT


--
Regards,
S.SUPRAJA
MIT

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

squid.conf.rtf (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Encrypted browser-squid connection

Amos Jeffries
Administrator
On 12/11/18 3:45 PM, supraja sridhar wrote:
>
> Can someone please help me debug this further?
>

First thing to do is convert your config file to plain-text (ASCII).
Squid does not use RTF format config.


Second your definition for "all" ACL is incorrect. Remove it and use the
built-in one.

Also remove that "http_access allow all" and adjust the localnet ACL to
match your actual LAN range(s) you expect clients to be using. Both IPv4
and IPv6.

Then use "squid -k parse" to verify Squid is able to use your updated
config and a full restart Squid to make extra-sure it is only using that
config.


The next debugging to do is check the actual protocol with a wireshark
full-packet trace to see what the Browser is actually sending to the proxy.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Encrypted browser-squid connection

Alex Crow
In reply to this post by supraja sridhar


On 12/11/2018 02:45, supraja sridhar wrote:
Hi,
When I try out the encrypted browser-squid connection, no URL loads. I get the following error message in the squid access log.

1541989360.999      0 XXX.XX.XXX.XX NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -

I have Firefox-59.0.1 running on Ubuntu  loaded with the following pac file
function FindProxyForURL(url, host)
{
 return "HTTPS XXX.XX.XXX.XXX:3129"
}


Should be

return "PROXY XXX.XXX.XXX.XXX:3129;"



--

Insert pointless drivel here.


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Encrypted browser-squid connection

Alex Rousskov
On 11/12/18 12:52 AM, Alex Crow wrote:

>
> On 12/11/2018 02:45, supraja sridhar wrote:
>> Hi,
>> When I try out the encrypted browser-squid connection, no URL loads. I
>> get the following error message in the squid access log.
>>
>>     1541989360.999      0 XXX.XX.XXX.XX NONE/000 0 NONE
>>     error:transaction-end-before-headers - HIER_NONE/- -
>>
>>
>> I have Firefox-59.0.1 running on Ubuntu  loaded with the following pac
>> file
>>
>>         function FindProxyForURL(url, host)
>>
>>         {
>>
>>          return "HTTPS XXX.XX.XXX.XXX:3129"
>>
>>         }


> Should be
>
> return "PROXY XXX.XXX.XXX.XXX:3129;"


Two problems with this suggestion:

* Major: "PROXY" is the wrong keyword for "Encrypted browser-squid
connection". OP's "HTTPS" was as correct as the email subject. See
https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_(PAC)_file#Return_value_format

* Minor: Semicolons inside FindProxyForURL() return values are used to
delimit blocks. In this case, there is only one block so I would not add
a semicolon before the closing quote. Adding a semicolon at the end of
the return statement (i.e. _after_ the closing quote) may be a good idea
even though it is not required in this specific context IIRC.

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users