On 2/05/2013 1:42 a.m., Pablo Ruben M wrote:
> I have Squid's new installation 3.3.3 behind a Firewall NAT and do not
> achieve that it works. Placing the debug in ALL, 3 I obtain the
> following mistakes:
>
> HTTP/1.1 400 Bad Request
> Server: squid/3.3.3
> Mime-Version: 1.0
> Date: Wed, 01 May 2013 12:19:08 GMT
> Content-Type: text/html
> Content-Length: 3229
> X-Squid-Error: ERR_INVALID_URL 0
> Vary: Accept-Language
> Content-Language: en
> X-Cache: MISS from proxy02
> Via: 1.1 proxy02 (squid/3.3.3)
> Connection: close
>
> In the web browser I obtain:
>
> The following error was encountered while trying to retrieve the URL: /
>
> Invalid URL
>
> I have Squid's installation 2.7 working without problems. Does it
> change radically the installation into Squid 3?
No. The changes required to make 3.2and later work are also required to
make version 2.5 to 3.1 work properly. The older versiosn were just
hiding the problem and allowing hackers to use the proxy unrecorded
(CVE-2009-0801 is one of the effects).
Solution: separate the Squid http_port from intercepted traffic from the
configured proxy traffic.
Also, the firewall NAT must be done on the Squid device. If the firewall
device is separate from the Squid device, you require policy routing (or
WCCP) to pass traffic without altering the IP details from the firewall
device to the squid device where NAT can take place.
Amos
Received on Thu May 02 2013 - 01:49:43 MDT
This archive was generated by hypermail 2.2.0 : Fri May 03 2013 - 12:00:13 MDT