[proxy] https_port problem in squid 2.6

#1 Posted 2006-11-30 14:04
A few days ago I downloaded squid2.6-5 and migrated my earlier 2.5 setup over. Everything works now except https_port.

The original 2.5 configuration was:
https_port 443    cert=/usr/local/squid/etc/squid_cert.pem   key=/usr/local/squid/etc/squid_key.pem

With 2.5, clients could access an https site, https://www.abc.com, without problems, but with 2.6 the browser shows the following error:
-----------------------------------
发生了下列的错误:

Invalid Request
无效的请求
Some aspect of the HTTP Request is invalid. Possible problems:
HTTP 请求的某些方面是无效的。可能是下列问题:

Missing or unknown request method
缺少请求方式或未知的请求方式
Missing URL
缺少网址
Missing HTTP Identifier (HTTP/1.0)
缺少 HTTP 标识(HTTP/1.0)
Request is too large
请求命令过长
Content-Length missing for POST or PUT requests
POST 或 PUT 请求缺少内容长度
Illegal character in hostname; underscores are not allowed
主机名称中包含不合法的字符;下划线是不允许的。
---------------------------------------

The log shows this:
192.168.18.237 - - [30/Nov/2006:14:22:12 +0800] "GET error:invalid-request HTTP/0.0" 400 1944 "-" "-" TCP_DENIED:NONE

------------------------------------------------

But if I add defaultsite to https_port:

https_port 443  defaultsite=www.abc.com  cert=/usr/local/squid/etc/squid_cert.pem   key=/usr/local/squid/etc/squid_key.pem

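then https://www.abc.com can be accessed normally again.

However, it seems that defaultsite cannot be given more than once, or that https_port cannot have multiple lines for the same port, for example: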

https_port 443  defaultsite=www.123.com  cert=/usr/local/squid/etc/squid_cert.pem   key=/usr/local/squid/etc/squid_key.pem
https_port 443  defaultsite=www.abc.com  cert=/usr/local/squid/etc/squid_cert.pem   key=/usr/local/squid/etc/squid_key.pem

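With that, accessing https://www.abc.com gets redirected to https://www.123.com

So my question for the experts is: how exactly should https_port be configured so that, without specifying defaultsite, any https request is forwarded? Does it need to be combined with other options?


[ Last edited by bujipeng on 2006-11-30 14:08 ]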

#2 Posted 2007-02-02 18:32
I've run into the same problem and am following this closely. I don't know whether the original poster has solved it; let's work it out together.

#3 Posted 2007-08-30 11:38

Reply to #1, bujipeng's post

I get the following error. How can I solve it?
ERROR
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: https://www.test.cn/

The following error was encountered:

Unable to forward this request at this time.
This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that:

The cache administrator does not allow this cache to make direct connections to origin servers, and
All configured parent caches are currently unreachable.
Your cache administrator is tech@test.cn.



--------------------------------------------------------------------------------

Generated Thu, 30 Aug 2007 03:26:44 GMT by squid72 (squid/2.6.STABLE10)
The goal is to use squid as a proxy in front of the website and to place the certificate on squid.
My configuration file is as follows:
http_port 80 transparent
https_port 443 defaultsite=www.test.cn cert=/usr/local/squid/cert.pem key=/usr/local/squid/private
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \? \.aspx \.ashx \.asmx
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 8192 KB
maximum_object_size_in_memory 32 KB
cache_dir ufs /usr/local/squid/var/cache 2048 16 256
#access_log /usr/local/squid/var/logs/access.log common
access_log none
cache_log /usr/local/squid/var/logs/cache.log
#cache_store_log /usr/local/squid/var/logs/store.log
cache_store_log none
emulate_httpd_log on
pid_filename /usr/local/squid/var/logs/squid.pid
hosts_file /etc/hosts
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl myip src 29.12.10.10 28.21.82.35
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl 252 dst 29.28.22.22
acl 251 dst 29.28.22.21
acl 233 dst 29.28.22.23
acl 237 dst 29.238.22.27
acl 234 dst 29.28.22.24
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow manager myip
http_access allow 252
http_access allow 251
http_access allow 233
http_access allow 237
http_access allow 234
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr tech@test.cn
cache_effective_user nobody
cache_effective_group nobody
visible_hostname squid72
logfile_rotate 4
forwarded_for on
allow_underscore on
request_body_max_size 0 KB
coredump_dir /usr/local/squid/var/cache
#cache_peer www.gyyx.cn parent 80 7 ssl originserver

#4 Posted 2007-08-30 11:41

Reply to #3, chinaunixzcx's post

/usr/local/squid/var/logs/cache.log
This is my log output:

2007/08/30 11:26:44| Failed to select source for 'https://www.test.cn/'
2007/08/30 11:26:44|   always_direct = 0
2007/08/30 11:26:44|    never_direct = 0
2007/08/30 11:26:44|        timedout = 0

Accessing 'http://www.test.cn/' directly works fine, but with https I get the error above. Could an expert please advise?
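
Added example, not part of any post in this thread and not Squid project code: a small Python lint that flags the three conditions the posts above run into (an https_port with neither defaultsite= nor vhost, the same https_port declared twice, and an https_port with no active cache_peer ... originserver line). The sample config is constructed from lines quoted in the thread; `origin.example`, the finding codes, and the `vhost` option (a Squid http_port option the thread does not mention) are assumptions of this example.

```python
# Added example: lint squid.conf text for the https_port conditions seen in this thread.

# Constructed sample, modelled on the lines quoted in the posts above.
# origin.example is a placeholder host, not a value from the thread.
SAMPLE = """\
http_port 80 transparent
https_port 443 cert=/usr/local/squid/etc/squid_cert.pem key=/usr/local/squid/etc/squid_key.pem
https_port 443 defaultsite=www.123.com cert=/usr/local/squid/etc/squid_cert.pem key=/usr/local/squid/etc/squid_key.pem
#cache_peer origin.example parent 80 7 ssl originserver
"""


def active_lines(conf):
    """Yield (lineno, directive, args) for lines that are not blank or commented out."""
    for n, raw in enumerate(conf.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield n, tokens[0], tokens[1:]


def lint(conf):
    """Return a list of (lineno, code, message) findings."""
    findings, first_seen, has_origin_peer = [], {}, False
    for n, directive, args in active_lines(conf):
        if directive == "cache_peer" and "originserver" in args:
            has_origin_peer = True
        if directive != "https_port" or not args:
            continue
        listen, opts = args[0], args[1:]
        if listen in first_seen:
            findings.append((n, "duplicate-port",
                             f"https_port {listen} already declared on line {first_seen[listen]}"))
        else:
            first_seen[listen] = n
        if "vhost" not in opts and not any(o.startswith("defaultsite=") for o in opts):
            findings.append((n, "no-site",
                             f"https_port {listen} has neither defaultsite= nor vhost"))
    if first_seen and not has_origin_peer:
        findings.append((min(first_seen.values()), "no-origin-peer",
                         "https_port is set but no active cache_peer ... originserver line exists"))
    return findings


if __name__ == "__main__":
    for lineno, code, message in lint(SAMPLE):
        print(f"line {lineno}: [{code}] {message}")
```

The lint only reports what is present or absent in the file; whether a given finding explains an error still has to be confirmed against cache.log on the proxy.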