TransWikia.com

Squid Proxy: 400 Bad Request when "%25" (Percent Sign) in URL

Server Fault Asked by Berto on December 18, 2021

I have a squid proxy that works well except for this issue:

If a URL has a %25 inside of it (the percent sign), we get a 400 Bad Request and Bad Request is displayed to the web browser.

Example URL:
http://www.amazon.com/25%25-Percent-Off-Stickers-Adhesive/dp/B00J0IBJ0S/

Log:

12/Jan/2016:18:40:28 -0600 429 MY.IP.IS.HERE TCP_MISS/400 310 GET http://www.amazon.com/25%25-Percent-Off-Stickers-Adhesive/dp/B00J0IBJ0S/ – ROUNDROBIN_PARENT/three text/html

I’m not sure if this is a bug or a configuration error. I have a round robin setup as shown above. Here is the output of squid3 -v:

Squid Cache: Version 3.1.19 configure options:
‘–build=x86_64-linux-gnu’ ‘–prefix=/usr’
‘–includedir=${prefix}/include’ ‘–mandir=${prefix}/share/man’
‘–infodir=${prefix}/share/info’ ‘–sysconfdir=/etc’
‘–localstatedir=/var’ ‘–libexecdir=${prefix}/lib/squid3’
‘–srcdir=.’ ‘–disable-maintainer-mode’
‘–disable-dependency-tracking’ ‘–disable-silent-rules’
‘–datadir=/usr/share/squid3’ ‘–sysconfdir=/etc/squid3’
‘–mandir=/usr/share/man’ ‘–with-cppunit-basedir=/usr’
‘–enable-inline’ ‘–enable-async-io=8’
‘–enable-storeio=ufs,aufs,diskd’ ‘–enable-removal-policies=lru,heap’
‘–enable-delay-pools’ ‘–enable-cache-digests’ ‘–enable-underscores’
‘–enable-icap-client’ ‘–enable-follow-x-forwarded-for’
‘–enable-auth=basic,digest,ntlm,negotiate’
‘–enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM’
‘–enable-ntlm-auth-helpers=smb_lm,’
‘–enable-digest-auth-helpers=ldap,password’
‘–enable-negotiate-auth-helpers=squid_kerb_auth’
‘–enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group’
‘–enable-arp-acl’ ‘–enable-esi’ ‘–enable-zph-qos’ ‘–enable-wccpv2’
‘–disable-translation’ ‘–with-logdir=/var/log/squid3’
‘–with-pidfile=/var/run/squid3.pid’ ‘–with-filedescriptors=65536’
‘–with-large-files’ ‘–with-default-user=proxy’
‘–enable-linux-netfilter’ ‘build_alias=x86_64-linux-gnu’ ‘CFLAGS=-g
-O2 -fPIE -fstack-protector –param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security’ ‘LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now’
‘CPPFLAGS=-D_FORTIFY_SOURCE=2’ ‘CXXFLAGS=-g -O2 -fPIE
-fstack-protector –param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security’ –with-squid=/build/squid3-FzlLQ3/squid3-3.1.19

uname -a:

Linux MyHostName 3.13.0-44-generic #73~precise1-Ubuntu SMP Wed Dec 17 00:39:15 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

(It’s an Ubuntu 12.04.5 LTS server)

The hack with this URL would simply be to have something strip out the %25 but that wouldn’t work on all destination websites.

The URL works fine when not going through the proxy.

Thanks for any ideas, I’m willing to provide more config info.

requestsquid

One Answer

I'm using squid for like 15 years. In fact, I'm writing this message through it. I tested the URL you provided, and it works okay. Few things I can tell about your installation, but still:

  • you squid installation is like a thousand years old. Upgrade to 3.5.x at least, ASAP.
  • from your access log I can tell that you are using a proxy chain, because of the ROUNDROBIN_PARENT/three status. This means that the problem could be not in your squid, but rather in parent cache. You should investigate further.

Answered by drookie on December 18, 2021

Add your own answers!

Ask a Question

Get help from others!

Recent Answers

Recent Questions

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP