Squid not parsing a url correctly!! never seen like this before

fosiul01
fosiul01 used Ask the Experts™
on
Hi
i am facing a wired behaviour from squid.

we are trying to connect to via Jupiter  windows secure application manager to a clients network via http.

its works fine from outside of our network , even though from network without squid proxy .. but when it try to go via squid, it does not able to resolve the address!!!


example :
after trying username and password , its goes to here

https://portal.mydomain.co.uk/dana/home/launch.cgi?url=https%3A%2F%2Fameymdm.ameygroup.int%2Fmobicontrol%2F

So it comes to check Certificate , then it should go to
https://ameymdm.ameygroup.int/mobicontrol/ 

but internet exploer does not find this  https://ameymdm.ameygroup.int/mobicontrol/  

i think its something to do with "https%3A%2F%2Fameymdm" which squid does not know how to parse.. t here is not any deny in squid log.

Can any one help me to find out what happenning ...

As i said, if i try without proxy, it works fine. but with proxy it does not ..



thans
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2014

Commented:
Can you try using the real characters instead of the encoded ones?

https://portal.mydomain.co.uk/dana/home/launch.cgi?url=https://Fameymdm.ameygroup.int/mobicontrol/

I seem to vaguely remember some proxy server I used once had issues with encoded characters.  It wanted to encode the %.  I'm not sure if it was Squid or not.
Top Expert 2009

Author

Commented:
i cant becuase that applition is our clients
We are trying to connect to their website via those link
Top Expert 2014

Commented:
You should be able to put what I have directly into your browser.  In fact you should be able to just click on it.

Now, I am also not sure if Squid is really coming into play here.  The reason is it looks like you are connecting to a HTTPS based VPN server (http://portal.mydomain.co.uk) then telling that server you really want to go to  https://ameymdm.ameygroup.int/mobicontrol/.

Since you are going over a encrypted http session, "https://ameymdm.ameygroup.int/mobicontrol/ " part will be encrypted.  Which means Squid should see it.  Typically Squid does not get involved in HTTPS sessions because it would require Squid acting as a man in the middle and decrypting and re-encrypting all traffic.  Which is a LOT of overhead and can cause serious performance problems.
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

Top Expert 2009

Author

Commented:
can you please have a look into this one
http://www.mail-archive.com/squid-users@squid-cache.org/msg84987.html

i created this for the same problem..

basically,

Internet explorer is using a tunnel to reach that domain
https://ameymdm.ameygroup.int/mobicontrol/.
and this tunnel is  creating between the pc and the client's network by by Jupiter network application manager


I used to use blox ( a thirdparty provider's proxy server) its also on squid .
it used to work on that product ..
so i know the squid can do that.. but dont know which option or how ..
Top Expert 2014

Commented:
I'll take a look at the other link.

However, can the squid box resolve the host name ameymdm.ameygroup.int?

I know that this is not a public domain name, because ".int" is not a valid public TLD.

So, Squid must be configured to use an internal DNS server that can resolve the host name.
Top Expert 2014
Commented:
One more thing, I know I can't get in because I don't have the proper user-id/password, but I tried both the encoded and unencoded URL's as below, and I get the same results, going through MY Squid.

So I think it has to do with DNS and the box Squid is running on not being able to resolve the host name ameameymdm.ameygroup.int.

https://portal.mydomain.co.uk/dana/home/launch.cgi?url=https%3A%2F%2Fameymdm.ameygroup.int%2Fmobicontrol%2F


https://portal.mydomain.co.uk/dana/home/launch.cgi?url=https://ameymdm.ameygroup.int/mobicontrol/

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial