fosiul01
asked on
Squid not parsing a url correctly!! never seen like this before
Hi
i am facing a wired behaviour from squid.
we are trying to connect to via Jupiter windows secure application manager to a clients network via http.
its works fine from outside of our network , even though from network without squid proxy .. but when it try to go via squid, it does not able to resolve the address!!!
example :
after trying username and password , its goes to here
https://portal.mydomain.co.uk/dana/home/launch.cgi?url=https%3A%2F%2Fameymdm.ameygroup.int%2Fmobicontrol%2F
So it comes to check Certificate , then it should go to
https://ameymdm.ameygroup.int/mobicontrol/
but internet exploer does not find this https://ameymdm.ameygroup.int/mobicontrol/
i think its something to do with "https%3A%2F%2Fameymdm" which squid does not know how to parse.. t here is not any deny in squid log.
Can any one help me to find out what happenning ...
As i said, if i try without proxy, it works fine. but with proxy it does not ..
thans
i am facing a wired behaviour from squid.
we are trying to connect to via Jupiter windows secure application manager to a clients network via http.
its works fine from outside of our network , even though from network without squid proxy .. but when it try to go via squid, it does not able to resolve the address!!!
example :
after trying username and password , its goes to here
https://portal.mydomain.co.uk/dana/home/launch.cgi?url=https%3A%2F%2Fameymdm.ameygroup.int%2Fmobicontrol%2F
So it comes to check Certificate , then it should go to
https://ameymdm.ameygroup.int/mobicontrol/
but internet exploer does not find this https://ameymdm.ameygroup.int/mobicontrol/
i think its something to do with "https%3A%2F%2Fameymdm" which squid does not know how to parse.. t here is not any deny in squid log.
Can any one help me to find out what happenning ...
As i said, if i try without proxy, it works fine. but with proxy it does not ..
thans
ASKER
i cant becuase that applition is our clients
We are trying to connect to their website via those link
We are trying to connect to their website via those link
You should be able to put what I have directly into your browser. In fact you should be able to just click on it.
Now, I am also not sure if Squid is really coming into play here. The reason is it looks like you are connecting to a HTTPS based VPN server (http://portal.mydomain.co.uk) then telling that server you really want to go to https://ameymdm.ameygroup.int/mobicontrol/.
Since you are going over a encrypted http session, "https://ameymdm.ameygroup.int/mobicontrol/ " part will be encrypted. Which means Squid should see it. Typically Squid does not get involved in HTTPS sessions because it would require Squid acting as a man in the middle and decrypting and re-encrypting all traffic. Which is a LOT of overhead and can cause serious performance problems.
Now, I am also not sure if Squid is really coming into play here. The reason is it looks like you are connecting to a HTTPS based VPN server (http://portal.mydomain.co.uk) then telling that server you really want to go to https://ameymdm.ameygroup.int/mobicontrol/.
Since you are going over a encrypted http session, "https://ameymdm.ameygroup.int/mobicontrol/ " part will be encrypted. Which means Squid should see it. Typically Squid does not get involved in HTTPS sessions because it would require Squid acting as a man in the middle and decrypting and re-encrypting all traffic. Which is a LOT of overhead and can cause serious performance problems.
ASKER
can you please have a look into this one
http://www.mail-archive.com/squid-users@squid-cache.org/msg84987.html
i created this for the same problem..
basically,
Internet explorer is using a tunnel to reach that domain
https://ameymdm.ameygroup.int/mobicontrol/.
and this tunnel is creating between the pc and the client's network by by Jupiter network application manager
I used to use blox ( a thirdparty provider's proxy server) its also on squid .
it used to work on that product ..
so i know the squid can do that.. but dont know which option or how ..
http://www.mail-archive.com/squid-users@squid-cache.org/msg84987.html
i created this for the same problem..
basically,
Internet explorer is using a tunnel to reach that domain
https://ameymdm.ameygroup.int/mobicontrol/.
and this tunnel is creating between the pc and the client's network by by Jupiter network application manager
I used to use blox ( a thirdparty provider's proxy server) its also on squid .
it used to work on that product ..
so i know the squid can do that.. but dont know which option or how ..
I'll take a look at the other link.
However, can the squid box resolve the host name ameymdm.ameygroup.int?
I know that this is not a public domain name, because ".int" is not a valid public TLD.
So, Squid must be configured to use an internal DNS server that can resolve the host name.
However, can the squid box resolve the host name ameymdm.ameygroup.int?
I know that this is not a public domain name, because ".int" is not a valid public TLD.
So, Squid must be configured to use an internal DNS server that can resolve the host name.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
https://portal.mydomain.co.uk/dana/home/launch.cgi?url=https://Fameymdm.ameygroup.int/mobicontrol/
I seem to vaguely remember some proxy server I used once had issues with encoded characters. It wanted to encode the %. I'm not sure if it was Squid or not.