failing https requests

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

failing https requests

Adam Weremczuk
Hi all,

I run squid-3.5.27_3 on pfSense 2.4.4 as well as in house Sugar CRM server.

Recently Sugar license validation and updates checks made to
https://updates.sugarcrm.com/heartbeat/soap.php started failing (no
changes made at our end).

In squid logs requests only produce 2 lines:

1587737506.670      0 192.168.5.30 TAG_NONE/400 4360 NONE
error:invalid-request - HIER_NONE/- text/html
1587737506.978    301 192.168.5.30 TCP_MISS/301 464 POST
http://updates.sugarcrm.com/heartbeat/soap.php -
HIER_DIRECT/54.177.58.238 text/html

It looks like client error followed by a redirection to http.

Direct requests (no web proxy) as well as telnet, wget and curl work fine.

Could somebody explain what exactly the errors mean and why the requests
fail?

Thanks,
Adam


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: failing https requests

Amos Jeffries
Administrator
On 25/04/20 3:46 am, Adam Weremczuk wrote:

> Hi all,
>
> I run squid-3.5.27_3 on pfSense 2.4.4 as well as in house Sugar CRM server.
>
> Recently Sugar license validation and updates checks made to
> https://updates.sugarcrm.com/heartbeat/soap.php started failing (no
> changes made at our end).
>
> In squid logs requests only produce 2 lines:
>
> 1587737506.670      0 192.168.5.30 TAG_NONE/400 4360 NONE
> error:invalid-request - HIER_NONE/- text/html
> 1587737506.978    301 192.168.5.30 TCP_MISS/301 464 POST
> http://updates.sugarcrm.com/heartbeat/soap.php -
> HIER_DIRECT/54.177.58.238 text/html
>
> It looks like client error followed by a redirection to http.
>
> Direct requests (no web proxy) as well as telnet, wget and curl work fine.
>
> Could somebody explain what exactly the errors mean and why the requests
> fail?
>

It means the client delivered some bytes which do not in any way conform
to HTTP request syntax. Not even similar.

The best thing to do is to get a full-packet capture and investigate
with wireshark what is going on.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: failing https requests

Adam Weremczuk
Thanks Amos for the hint.

Tcpdump in source reveals the following:

HTTP/1.1 400 Bad Request
Server: squid/3.5.27
Mime-Version: 1.0
Date: Mon, 27 Apr 2020 13:34:47 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 4000
X-Squid-Error: ERR_INVALID_REQ 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from PROXY
X-Cache-Lookup: NONE from PROXY:3128
Via: 1.1 PROXY (squid/3.5.27)
Connection: close

It also produces:

Some possible problems are:
- Missing or unknown request method.
- Missing URL.
- Missing HTTP Identifier (HTTP/1.0).
- Request is too large.
- Content-Length missing for POST or PUT requests.
- Illegal character in hostname; underscores are not allowed.
- HTTP/1.1 feature is being asked from an HTTP/1.0 software.

Can I determine which of the above is actually causing failures?

Increasing debug level to 9 in squid config hasn't resulted in any more
info being logged :(

Cheers,
Adam

On 24/04/2020 16:57, Amos Jeffries wrote:

> On 25/04/20 3:46 am, Adam Weremczuk wrote:
>> Hi all,
>>
>> I run squid-3.5.27_3 on pfSense 2.4.4 as well as in house Sugar CRM server.
>>
>> Recently Sugar license validation and updates checks made to
>> https://updates.sugarcrm.com/heartbeat/soap.php started failing (no
>> changes made at our end).
>>
>> In squid logs requests only produce 2 lines:
>>
>> 1587737506.670      0 192.168.5.30 TAG_NONE/400 4360 NONE
>> error:invalid-request - HIER_NONE/- text/html
>> 1587737506.978    301 192.168.5.30 TCP_MISS/301 464 POST
>> http://updates.sugarcrm.com/heartbeat/soap.php -
>> HIER_DIRECT/54.177.58.238 text/html
>>
>> It looks like client error followed by a redirection to http.
>>
>> Direct requests (no web proxy) as well as telnet, wget and curl work fine.
>>
>> Could somebody explain what exactly the errors mean and why the requests
>> fail?
>>
> It means the client delivered some bytes which do not in any way conform
> to HTTP request syntax. Not even similar.
>
> The best thing to do is to get a full-packet capture and investigate
> with wireshark what is going on.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: failing https requests

Matus UHLAR - fantomas
On 27.04.20 15:03, Adam Weremczuk wrote:
>Tcpdump in source reveals the following:
>HTTP/1.1 400 Bad Request

does TCPDUMP show the request too?

Maybe you use intercepted connections on standard http_port or you use squid
as destination server without specifying vhost?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: failing https requests

Amos Jeffries
Administrator
In reply to this post by Adam Weremczuk
On 28/04/20 2:03 am, Adam Weremczuk wrote:
> Thanks Amos for the hint.
>
> Tcpdump in source reveals the following:
>
> HTTP/1.1 400 Bad Request
...
>
> Can I determine which of the above is actually causing failures?
>

The response says the request is bad. So look at the request message to
figure out what is bad about it.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users