Discussion:
[squid-users] Fwd: Encrypted browser-squid connection
supraja sridhar
2018-11-12 02:45:01 UTC
Permalink
Hi,
When I try out the encrypted browser-squid connection, no URL loads. I get
the following error message in the squid access log.

1541989360.999 0 XXX.XX.XXX.XX NONE/000 0 NONE
error:transaction-end-before-headers - HIER_NONE/- -
I have Firefox-59.0.1 running on Ubuntu loaded with the following pac file
function FindProxyForURL(url, host)
{
return "HTTPS XXX.XX.XXX.XXX:3129"
}
Squid-version: 4.4 and it runs on Ubuntu 16.04.5 OS.

Can someone please help me debug this further?

Thanks,
Supraja
--
Regards,
S.SUPRAJA
MIT
--
Regards,
S.SUPRAJA
MIT
Amos Jeffries
2018-11-12 03:28:43 UTC
Permalink
Post by supraja sridhar
Can someone please help me debug this further?
First thing to do is convert your config file to plain-text (ASCII).
Squid does not use RTF format config.


Second your definition for "all" ACL is incorrect. Remove it and use the
built-in one.

Also remove that "http_access allow all" and adjust the localnet ACL to
match your actual LAN range(s) you expect clients to be using. Both IPv4
and IPv6.

Then use "squid -k parse" to verify Squid is able to use your updated
config and a full restart Squid to make extra-sure it is only using that
config.


The next debugging to do is check the actual protocol with a wireshark
full-packet trace to see what the Browser is actually sending to the proxy.


Amos
Alex Crow
2018-11-12 07:52:59 UTC
Permalink
Post by supraja sridhar
Hi,
When I try out the encrypted browser-squid connection, no URL loads. I
get the following error message in the squid access log.
1541989360.999     0 XXX.XX.XXX.XX NONE/000 0 NONE
error:transaction-end-before-headers - HIER_NONE/- -
I have Firefox-59.0.1 running on Ubuntu loaded with the following pac file
function FindProxyForURL(url, host)
{
 return "HTTPS XXX.XX.XXX.XXX:3129"
}
Should be

return "PROXY XXX.XXX.XXX.XXX:3129;"




--
Insert pointless drivel here.
Alex Rousskov
2018-11-12 19:01:21 UTC
Permalink
Post by Alex Crow
Post by supraja sridhar
Hi,
When I try out the encrypted browser-squid connection, no URL loads. I
get the following error message in the squid access log.
1541989360.999      0 XXX.XX.XXX.XX NONE/000 0 NONE
error:transaction-end-before-headers - HIER_NONE/- -
I have Firefox-59.0.1 running on Ubuntu  loaded with the following pac
file
function FindProxyForURL(url, host)
{
 return "HTTPS XXX.XX.XXX.XXX:3129"
}
Should be
return "PROXY XXX.XXX.XXX.XXX:3129;"
Two problems with this suggestion:

* Major: "PROXY" is the wrong keyword for "Encrypted browser-squid
connection". OP's "HTTPS" was as correct as the email subject. See
https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_(PAC)_file#Return_value_format

* Minor: Semicolons inside FindProxyForURL() return values are used to
delimit blocks. In this case, there is only one block so I would not add
a semicolon before the closing quote. Adding a semicolon at the end of
the return statement (i.e. _after_ the closing quote) may be a good idea
even though it is not required in this specific context IIRC.

Alex.

Loading...