cybozu-go / transocks

Transparent SOCKS5 / HTTP proxy in Go
MIT License

plain http causes 'empty reply from server' #28

Closed justinschw closed 3 years ago

justinschw commented 3 years ago

I have the following setup: client http/https traffic is redirected to port 12345, on which transocks is running. iptables commands:

iptables -t nat -I PREROUTING 1 -i eth1 -p tcp --dport 80 ! --source 192.168.4.1 -j REDIRECT --to-port 12345
iptables -t nat -I PREROUTING 1 -i eth1 -p tcp --dport 443 ! --source 192.168.4.1 -j REDIRECT --to-port 12345

transocks is configured to transparently proxy to squid, which is also configured for ssl bump. Here is my transocks.toml:

listen = "0.0.0.0:12345"

# Connect to HTTP Proxy
proxy_url = "http://127.0.0.1:3128"

[log]
level = "error"

Now on the client side, if I do a "curl http://www.w3.org:80" I get the following output:

curl: (52) Empty reply from server

It works fine if I curl for https.

ymmt2005 commented 3 years ago

Does your squid allow port 80 for CONNECT? It normally allows only port 443. https://github.com/squid-cache/squid/blob/f70aedc41741c5475ca5f7d86234e7e6366c8be9/src/cf.data.pre#L1625

Check the acl SSL_ports line in squid.conf.

justinschw commented 3 years ago

Thanks for the reply... I see, if I add "acl SSL_ports port 80" underneath that line, it now works fine. How strange, I never thought that regular HTTP did a CONNECT request.

Thanks for the help.
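Added example, not part of the thread or of the transocks or squid projects: a small check that reads a squid.conf and reports whether a CONNECT to a given port would get past the `http_access deny CONNECT !SSL_ports` rule discussed above. The sample configuration text is constructed for illustration, the function names are hypothetical, and only that one rule is modelled.

```python
import re

# Constructed sample: the relevant lines of a stock-style squid.conf.
SAMPLE_DEFAULT = """\
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 1025-65535  # unregistered ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""

# Same file with the line added in this thread.
SAMPLE_FIXED = SAMPLE_DEFAULT.replace(
    "acl SSL_ports port 443\n",
    "acl SSL_ports port 443\nacl SSL_ports port 80\n",
)


def port_acl(conf, name):
    """Collect (low, high) ranges from every 'acl <name> port ...' line.

    Squid merges repeated acl lines of the same name, so all are gathered.
    """
    ranges = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 4 and fields[:3] == ["acl", name, "port"]:
            for tok in fields[3:]:
                low, _, high = tok.partition("-")
                ranges.append((int(low), int(high or low)))
    return ranges


def connect_allowed(conf, port, acl_name="SSL_ports"):
    """True unless 'http_access deny CONNECT !<acl_name>' rejects this port."""
    rule = rf"^\s*http_access\s+deny\s+CONNECT\s+!{re.escape(acl_name)}\b"
    if not re.search(rule, conf, re.M):
        return True  # rule absent: this check has nothing to say
    return any(lo <= port <= hi for lo, hi in port_acl(conf, acl_name))


if __name__ == "__main__":
    for label, conf in (("default", SAMPLE_DEFAULT), ("fixed", SAMPLE_FIXED)):
        for port in (80, 443):
            verdict = "allowed" if connect_allowed(conf, port) else "denied"
            print(f"{label}: CONNECT to port {port} is {verdict}")
```

Adding port 80 to SSL_ports permits CONNECT tunnels to port 80 for every client the proxy accepts, so the remaining http_access rules should still limit who may use the proxy.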