Passing XML through squid proxy

Passing XML through squid proxy

Cindy Yoho

Hi Folks,

I am brand new to squid, my main work areas being storage, VMware and linux. I was asked to set up a forward proxy server on a CentOS VMware guest. I initially chose nginx, which seemed to work fine most of the time but about once a week would stop working and require a reboot to get going again. When I tried to get assistance with the nginx issue, I was told it was not supported as a forward proxy, and I should use squid.

So I started over, CentOS 7, squid 7:3.5.20-15.el7_6.1, and kept more or less the default config. In my config I commented out all the possible internal networks except the ones in use, and added

acl GOOD dstdomain .vertexsmb.com

The use case is as follows:

Our Order Entry server will request a tax calculation from a Vertex cloud server by sending XML code (below) through the squid server. There is a firewall between us and the Vertex cloud.

The squid server returns the expected display when I put the test url into the browser on the squid server. So the firewall is allowing squid to vertex. When the Order Entry server sends the XML code, however, we get an error returned to the server making the request (below also). I have also included the error I see in wireshark on the squid server when watching the transaction. Any help would be greatly appreciated.

TIA

Cindy

XML CODE:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <VertexEnvelope xmlns="urn:vertexinc:o-series:tps:7:0">
         <Login>
            <TrustedId>xxxxxxxxxxxxxxx</TrustedId>
         </Login>
         <QuotationRequest transactionType="SALE" returnAssistedParametersIndicator="true" documentDate="2019-11-18" documentNumber="TestNewTax">
            <Seller>
               <Company>ABC Widgets</Company>
               <PhysicalOrigin>
                  <City>NASHVILLE</City>
                  <MainDivision>TN</MainDivision>
                  <PostalCode>372281306</PostalCode>
               </PhysicalOrigin>
            </Seller>
            <Customer>
               <CustomerCode>nnnnnnnnn</CustomerCode>
               <Destination>
                  <City>HENDERSONVILLE</City>
                  <MainDivision>TN</MainDivision>
                  <PostalCode>370754525</PostalCode>
               </Destination>
            </Customer>
            <LineItem>
               <Product productClass="AEU">9781426740565</Product>
               <Quantity>1</Quantity>
               <ExtendedPrice>10.00</ExtendedPrice>
               <FlexibleFields>
                  <FlexibleCodeField fieldId="1">G1</FlexibleCodeField>
               </FlexibleFields>
            </LineItem>
         </QuotationRequest>
         <ApplicationData>
            <Sender>Ecometry</Sender>
         </ApplicationData>
      </VertexEnvelope>
   </soapenv:Body>
</soapenv:Envelope>

XML ERROR:

ERROR:  The requested URL could not be retrieved.
Missing or incorrect access protocol

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
 /*
* Copyright (C) 1996-2016 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
* Please see the COPYING and CONTRIBUTORS files for details.
*/

WIRESHARK ERROR on Squid Server:

HTTP     3606 HTTP/1.1 400 Bad Request (text/html)

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Passing XML through squid proxy

Alex Rousskov
On 5/1/20 10:56 AM, Cindy Yoho wrote:

> When the Order Entry server sends the XML code,
> we get an error returned to the server making the request

Perhaps your Order Entry server does not use HTTP when talking to Squid?

Squid does not really care about the request payload, but the request
has to use the HTTP transport protocol. So sending a SOAP/XML request
payload over HTTP is OK, but sending raw SOAP (or SOAP over something
other than HTTP) is not.

If you can post a packet capture of the Order Entry server talking to
Squid (not the text interpretation of Squid response but the actual
packets going from the Order Entry server to Squid; use libpcap format
which is often the default for Wireshark export), then we should be able
to confirm whether your Order Entry server is using the right protocol
to talk to/through Squid.

The same packet capture can point to HTTP request problems if the Order
Entry server is using HTTP but sending some HTTP token that Squid does
not like (or not sending an HTTP token that Squid needs).


HTH,

Alex.
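
The check described above (is the client speaking HTTP to the proxy port, and in what form) can be sketched as follows. This is an added example, not part of the original thread and not Squid code: it classifies the first bytes a client sends by RFC 7230 request-target form. The sample payloads, the host name squid.example.internal and the helper classify_request are constructed for illustration.

```python
import re

# RFC 7230 request-line: method SP request-target SP HTTP-version CRLF
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/(\d\.\d)\r\n")
ABSOLUTE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

def classify_request(raw: bytes) -> dict:
    """Classify the first bytes a client sent to the proxy port."""
    m = REQUEST_LINE.match(raw)
    if not m:  # raw SOAP, a TLS ClientHello, or anything else that is not HTTP
        return {"http": False, "form": None, "host": None,
                "proxy_ready": False}
    method, target = m.group(1).decode(), m.group(2).decode("latin-1")
    # The header block ends at the first empty line; the body is not inspected.
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")[1:]
    headers = {}
    for line in head:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if method == "CONNECT":
        form = "authority-form"   # host:port, asks the proxy for a tunnel
    elif ABSOLUTE.match(target):
        form = "absolute-form"    # full URL, required in requests to a proxy
    elif target.startswith("/"):
        form = "origin-form"      # path only, as sent to an origin server
    else:
        form = "asterisk-form" if target == "*" else "unknown"
    return {"http": True, "form": form, "host": headers.get("host"),
            "proxy_ready": form in ("absolute-form", "authority-form")}

# Constructed sample payloads (not taken from a real capture).
BODY = b"<soapenv:Envelope>...</soapenv:Envelope>"
PATH = b"/vertex-ws/services/CalculateTax"
SAMPLES = {
    "raw_soap": BODY,
    "origin": b"POST " + PATH + b" HTTP/1.1\r\n"
              b"Host: squid.example.internal:3128\r\n\r\n" + BODY,
    "absolute": b"POST http://calcconnect.vertexsmb.com" + PATH + b" HTTP/1.1\r\n"
                b"Host: calcconnect.vertexsmb.com\r\n\r\n" + BODY,
    "connect": b"CONNECT calcconnect.vertexsmb.com:443 HTTP/1.1\r\n"
               b"Host: calcconnect.vertexsmb.com:443\r\n\r\n",
}

def summarize(samples=SAMPLES):
    return {name: classify_request(raw)["form"] for name, raw in samples.items()}

if __name__ == "__main__":
    print(summarize())
```

A payload with proxy_ready set to False is not what RFC 7230 requires of a request made to a proxy, which is the first thing to rule out in the capture.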

Re: [External] Re: Passing XML through squid proxy

Cindy Yoho
Alex, thank you for the quick reply.
They are not actually passing a url to the squid server. The nginx config allowed me to have a line as such:

proxy_pass https://calcconnect.vertexsmb.com/vertex-ws/services/CalculateTax

The xml just got passed straight through to the url in the config file. Is there something comparable in squid I can set to tell it where to pass the code? I am working on getting the wireshark packets but the server is in a secure zone so there aren't any easy options for getting a file from it.

Thanks~
Cindy


Re: Passing XML through squid proxy

Alex Rousskov
On 5/5/20 10:22 AM, Cindy Yoho wrote:

> They are not actually passing a url to the squid server. The nginx config allowed me to have a line as such:
>
> proxy_pass https://calcconnect.vertexsmb.com/vertex-ws/services/CalculateTax

> The xml just got passed straight through to the url in the config
> file. Is there something comparable in squid I can set to tell it
> where to pass the code? I am working on getting the wireshark
> packets but the server is in a secure zone so there aren't any easy
> options for getting a file from it.

I am not intimate with nginx, but its proxy_pass configuration sounds
similar to Squid's cache_peer directive:
http://www.squid-cache.org/Doc/config/cache_peer/

Beyond that, without packet traces (or Squid cache.logs with
debug_options set to "ALL,2" or higher), it would be difficult for me to
say anything specific.


Good luck,

Alex.


