[squid-users] squid with c-icap
I am trying to configure squidclamav according to http://squidclamav.darold.net/config.html. As a result c-icap works, but squid 3.1.19 doesn't send any requests to port 1344, where c-icap works. My discussion with the squidclamav developer: https://sourceforge.net/p/squidclamav/discussion/800646/thread/3fe5a2a0/?limit=50#30d7 Can you help me with this trouble?
Re: [squid-users] Help with Squid HTTPS proxy
Hi All

I will make use of your suggestions, but this is not just netflix related, basically whatever site I visit I get this error about

LookupHostIP: Given Non-IP 'signup.netflix.com': Name or service not known

Of course with the variation of the hostname at hand.

Regards

On Tue, Dec 18, 2012 at 5:58 AM, Amos Jeffries squ...@treenet.co.nz wrote:
> On 18/12/2012 1:31 p.m., Joshua B. wrote:
>> Netflix doesn't work through Squid
>>
>> The only option you have to allow Netflix to work through a proxied environment without adding exceptions on all your clients, is to put this code in your configuration file:
>>
>> acl netflix dstdomain .netflix.com
>> cache deny netflix
>>
>> That allows Netflix to fully work through the proxy. Tested and therefore knows it works on my network.
>
> All that does is prevent *caching* of Netflix objects, all the other proxy handling and traffic management is still operating.
>
> That is a clear sign that your caching rules are causing problems, or that the site itself has very broken cache controls. A quick scan of Netflix shows a fair knowledge of caching control, geared towards non-caching of objects. Which points back at your config being the problem.
>
> Do you have refresh_pattern with loose regex and ignore-* options forcing things to cache which are supposed to not be stored? please check and remove.
>
> Amos
[squid-users] Too many lpops with https
Hi

I am trying to setup a squid proxy with transparent https, but I am getting

Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.

I am using the default CentOS installation with --enable-ssl 3.1. http is working fine, for https I get the ssl certificate error page and then the loop error. My config is pretty simple and I did try to change from intercept to sslbump and a combination of both, but nothing of that seems to make any difference. The problem is the same for all https sites. See below, the config please :

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl trusted src all # internal IP from venet0:1 and ISP IP (Cable/DSL)
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow trusted
http_access allow localhost
http_access deny all
http_port 0.0.0.0:3128
http_port 0.0.0.0:8128 transparent
https_port 0.0.0.0:8129 transparent ssl-bump intercept cert=/usr/local/squid/CA/servercert.pem key=/usr/local/squid/CA/serverkey.pem
debug_options ALL,3
coredump_dir /var/spool/squid3
cache deny all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
request_header_access Proxy-Connection deny all
request_header_access X-Forwarded-For deny all
request_header_access Connection deny all
request_header_access Via deny all
forwarded_for off
[squid-users] Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied
Hi,

I have the following problem: when I do not declare a cache dir, my squid starts correctly and runs perfectly. When I uncomment the cache_dir line, it fails with this message:

2012/12/18 11:31:18| /var/cache/squid/.00: (13) Permission denied
FATAL: commonUfsDirOpenSwapLog: Failed to open swap log.

My squid.conf is:

cache_dir aufs /drive/squid_cache/ 344064 64 64
coredump_dir /var/spool/squid
access_log none
cache_store_log none
cache_swap_log /var/cache/squid/

ls -al /var/cache returns this:

drwxrw-r--. 2 squid squid 4096 18 déc. 10:56 squid

ps -ef | grep squid does not show a squid running.

I've read all threads on this, but found no solution. Any help will be much appreciated.

Thanks in advance,
Christophe
Re: [squid-users] Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied
On 12/18/2012 03:09 PM, Christophe Marchand wrote:
> Hi,
>
> I have the following problem: when I do not declare a cache dir, my squid starts correctly and runs perfectly. When I uncomment the cache_dir line, it fails with this message:
>
> 2012/12/18 11:31:18| /var/cache/squid/.00: (13) Permission denied
> FATAL: commonUfsDirOpenSwapLog: Failed to open swap log.
>
> My squid.conf is:
>
> cache_dir aufs /drive/squid_cache/ 344064 64 64
> coredump_dir /var/spool/squid
> access_log none
> cache_store_log none
> cache_swap_log /var/cache/squid/
>
> ls -al /var/cache returns this:
>
> drwxrw-r--. 2 squid squid 4096 18 déc. 10:56 squid
>
> ps -ef | grep squid does not show a squid running
>
> I've read all threads on this, but found no solution.

And what about Docs?

> Any help will be much appreciated.

NP

As squid told you, it has a problem writing or accessing your logs file/dir/
The first thing to do is to put the right logs directory and permissions. You need to run ls -al /var/cache/squid to see what's inside squid dir. As an advice it will not be smart to use the same directory for cache and logs. You can also disable logs at all to minimize the problem. Use cache_swap_log none and see if it solves your problem.

Regards,
Eliezer

> Thanks in advance,
> Christophe
Re: [squid-users] Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied
/var/log/squid exists, is owned by squid:squid and is empty setting cache_swap_log to none produces the same error, but file name has changed : none.00 I couldn't find this problem into docs, neither into Wiki , but googling this reports many thread entries, but no solution in these threads solved my problem. Best regards, Christophe Le 18/12/2012 14:49, Eliezer Croitoru a écrit : On 12/18/2012 03:09 PM, Christophe Marchand wrote: Hi, I have the following problem : when I do not declare a cache dir, my squid starts correctly and runs perfectly. When I uncomment the cache_dir line, it fails with this message : 2012/12/18 11:31:18| /var/cache/squid/.00: (13) Permission denied FATAL: commonUfsDirOpenSwapLog: Failed to open swap log. My squid.conf is : cache_dir aufs /drive/squid_cache/ 344064 64 64 coredump_dir /var/spool/squid access_log none cache_store_log none cache_swap_log /var/cache/squid/ ls -al /var/cache returns this : drwxrw-r--. 2 squid squid 4096 18 déc. 10:56 squid ps -ef | grep squid does not show a squid running I've read all threads on this, but found no solution. And what about Docs? Any help will be much appreciated. NP As squid told you it has a problem writing or accessing you logs file/dir/ The first thing to do is to put the right logs directory and permissions. You need to run ls -al /var/cache/squid to see whats inside squid dir. As an advice it will not be smart to use the same directory for cache and logs. you can also disable logs at all to minimize the problem. use cache_swap_log none and see if it solves you problem. Regards, Eliezer Thanks in advance, Christophe
Re: [squid-users] Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied
Thanks Gregory for your response. unfortunately, I've already ran squid -z, both under root user and squid user/ Making squid own /var/cache sounds me strange : all files/directories under /var/cache will be owned by squid user, which is not acceptable : a lot of other programs need to access to this trees. Best regards, Christophe Le 18/12/2012 14:21, Zill, Gregory (OMA-GIS) a écrit : Use the following commands to set the cache folder and then change permissions, assuming squid user runs the squid instance. # path/squid -z # chown -R squid. /var/cache -Original Message- From: Christophe Marchand [mailto:cmarch...@oxiane.com] Sent: Tuesday, December 18, 2012 7:09 AM To: squid-users@squid-cache.org Subject: [squid-users] Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied Hi, I have the following problem : when I do not declare a cache dir, my squid starts correctly and runs perfectly. When I uncomment the cache_dir line, it fails with this message : 2012/12/18 11:31:18| /var/cache/squid/.00: (13) Permission denied FATAL: commonUfsDirOpenSwapLog: Failed to open swap log. My squid.conf is : cache_dir aufs /drive/squid_cache/ 344064 64 64 coredump_dir /var/spool/squid access_log none cache_store_log none cache_swap_log /var/cache/squid/ ls -al /var/cache returns this : drwxrw-r--. 2 squid squid 4096 18 déc. 10:56 squid ps -ef | grep squid does not show a squid running I've read all threads on this, but found no solution. Any help will be much appreciated. Thanks in advance, Christophe This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message. Thank you very much.
RE: [squid-users] Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied
Add squid directory to the chown command - no problem. -Original Message- From: Christophe Marchand [mailto:cmarch...@oxiane.com] Sent: Tuesday, December 18, 2012 8:52 AM To: squid-users@squid-cache.org Subject: Re: [squid-users] Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied Thanks Gregory for your response. unfortunately, I've already ran squid -z, both under root user and squid user/ Making squid own /var/cache sounds me strange : all files/directories under /var/cache will be owned by squid user, which is not acceptable : a lot of other programs need to access to this trees. Best regards, Christophe Le 18/12/2012 14:21, Zill, Gregory (OMA-GIS) a écrit : Use the following commands to set the cache folder and then change permissions, assuming squid user runs the squid instance. # path/squid -z # chown -R squid. /var/cache -Original Message- From: Christophe Marchand [mailto:cmarch...@oxiane.com] Sent: Tuesday, December 18, 2012 7:09 AM To: squid-users@squid-cache.org Subject: [squid-users] Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied Hi, I have the following problem : when I do not declare a cache dir, my squid starts correctly and runs perfectly. When I uncomment the cache_dir line, it fails with this message : 2012/12/18 11:31:18| /var/cache/squid/.00: (13) Permission denied FATAL: commonUfsDirOpenSwapLog: Failed to open swap log. My squid.conf is : cache_dir aufs /drive/squid_cache/ 344064 64 64 coredump_dir /var/spool/squid access_log none cache_store_log none cache_swap_log /var/cache/squid/ ls -al /var/cache returns this : drwxrw-r--. 2 squid squid 4096 18 déc. 10:56 squid ps -ef | grep squid does not show a squid running I've read all threads on this, but found no solution. Any help will be much appreciated. Thanks in advance, Christophe This message contains information which may be confidential and privileged. 
Re: [squid-users] Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied
I am not sure how you manage your rights on the server and also the locations in it but, Squid cache dir should be fully accessible using the effective_user of squid. It's the same for squid logs. Make sure the whole directory tree is accessible using the squid user. I just noticed that cache_swap_log is not used in 3.1 but only in 2.6 so just remove it. A swap log should not be specified. If you can still use it without errors in squid startup it's a bug and should be reported. So remove it and try to fix your permissions since this is your problem. Regards, Eliezer On 12/18/2012 04:51 PM, Christophe Marchand wrote: Thanks Gregory for your response. unfortunately, I've already ran squid -z, both under root user and squid user/ Making squid own /var/cache sounds me strange : all files/directories under /var/cache will be owned by squid user, which is not acceptable : a lot of other programs need to access to this trees. Best regards, Christophe Le 18/12/2012 14:21, Zill, Gregory (OMA-GIS) a écrit : Use the following commands to set the cache folder and then change permissions, assuming squid user runs the squid instance. # path/squid -z # chown -R squid. /var/cache -Original Message- From: Christophe Marchand [mailto:cmarch...@oxiane.com] Sent: Tuesday, December 18, 2012 7:09 AM To: squid-users@squid-cache.org Subject: [squid-users] Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied Hi, I have the following problem : when I do not declare a cache dir, my squid starts correctly and runs perfectly. When I uncomment the cache_dir line, it fails with this message : 2012/12/18 11:31:18| /var/cache/squid/.00: (13) Permission denied FATAL: commonUfsDirOpenSwapLog: Failed to open swap log. My squid.conf is : cache_dir aufs /drive/squid_cache/ 344064 64 64 coredump_dir /var/spool/squid access_log none cache_store_log none cache_swap_log /var/cache/squid/ ls -al /var/cache returns this : drwxrw-r--. 2 squid squid 4096 18 déc. 
10:56 squid ps -ef | grep squid does not show a squid running I've read all threads on this, but found no solution. Any help will be much appreciated. Thanks in advance, Christophe This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message. Thank you very much.
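The advice in the message above is that the whole directory tree, not just the last directory, must be usable by the account Squid runs as. The script below is an added example, not from the thread or from the Squid project: it walks every component of a path and reports the first one whose mode bits block a given account. The function names are made up for this illustration; it assumes GNU stat and looks only at classic mode bits (no ACLs, no SELinux, no root bypass).

```shell
#!/bin/sh
# Added example (hypothetical helper names). Requires GNU stat (coreutils).

# class_digit MODE CLASS -> rwx digit (0-7) for owner|group|other.
# Works on the last three octal digits, so 1777 or 0764 are accepted.
class_digit() {
    m="000$1"
    m=${m#"${m%???}"}
    case $2 in
        owner) d=${m%??} ;;
        group) d=${m#?}; d=${d%?} ;;
        other) d=${m#??} ;;
    esac
    printf '%s\n' "$d"
}

# user_class USER OWNER GROUP -> which permission class applies to USER.
user_class() {
    if [ "$1" = "$2" ]; then echo owner; return; fi
    for g in $(id -Gn "$1" 2>/dev/null); do
        if [ "$g" = "$3" ]; then echo group; return; fi
    done
    echo other
}

# has_bits DIGIT NEED -> true when every bit in NEED is set in DIGIT.
has_bits() { [ $(( $1 & $2 )) -eq "$2" ]; }

# check_tree USER DIR
# Every ancestor needs search permission (x = 1); DIR itself needs rwx (7).
# Prints the first failing component and returns 1; returns 0 if all pass.
check_tree() (
    user=$1
    rest=$2
    while [ "${rest%/}" != "$rest" ]; do rest=${rest%/}; done
    rest=${rest#/}
    cur=/
    while :; do
        if [ -n "$rest" ]; then need=1; else need=7; fi
        info=$(stat -c '%a %U %G' "$cur" 2>/dev/null) || {
            echo "$cur cannot be examined"; exit 1; }
        set -- $info
        mode=$1 owner=$2 group=$3
        class=$(user_class "$user" "$owner" "$group")
        digit=$(class_digit "$mode" "$class")
        if ! has_bits "$digit" "$need"; then
            echo "$cur mode=$mode owner=$owner group=$group class=$class need=$need got=$digit"
            exit 1
        fi
        if [ -z "$rest" ]; then exit 0; fi
        comp=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        cur=${cur%/}/$comp
    done
)

# Constructed demonstration using the mode from the thread's ls output
# (drwxrw-r-- is 764): which classes could use it as a cache or log dir?
for c in owner group other; do
    d=$(class_digit 764 "$c")
    if has_bits "$d" 7; then
        echo "$c: digit $d, read/write/search all present"
    else
        echo "$c: digit $d, not usable as a cache or log directory"
    fi
done

# On the real host one would run, with the paths from the thread:
#   check_tree squid /drive/squid_cache
#   check_tree squid /var/cache/squid
```

The mode shown in the thread, drwxrw-r--, gives the group and other classes no search bit, so only the owning account can enter the directory. The trailing "." in that ls output marks an SELinux context, which this check does not look at.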
Re: [squid-users] ROCK store and UFS (Squid 3.2.3)
On 27.11.2012 14:07, Horacio H. wrote:
> Hi,
>
> Amos, thanks for your reply. I'll test the patch and use memory_cache_shared set to OFF.
>
> Sorry, I was wrong. Objects bigger than maximum_object_size_in_memory are not cached on disk. Although objects smaller than maximum_object_size_in_memory but bigger than 32KB were written to disk, I guess they got a HIT because Squid keeps a copy in memory of hot and in-transit objects. That explains why the UFS store was ignored when Squid was restarted.
>
> Thanks.

I'm seeing the same problem with Squid 3.2.5. I have not installed the mentioned patch, but I do use the following cache_dir configuration lines:

cache_dir rock /cache/squid/rock-08k 610 min-size=0 max-size=8192
cache_dir rock /cache/squid/rock-30k 390 min-size=8193 max-size=30720
cache_dir aufs /cache/squid/aufs 3000 15 253 min-size=30721 max-size=20480
maximum_object_size 20 KB
maximum_object_size_in_memory 512 KB

If I'm reading the code correctly, as long as I specify max-size on each cache_dir directive the mentioned patch will not be needed.

With these configuration lines the AUFS directory never stores anything larger than the value specified by maximum_object_size_in_memory. When squid is shutting down the cache log will contain a line like

2012/12/18 00:53:14 kid1| Not currently OK to rewrite swap log.

so when it restarts it assumes the AUFS cache is empty.

ROCK store seems to work if that is all that I'm using, but it doesn't work well when combined with AUFS. Has anyone gotten ROCK store to work combined with anything else?

Mike Mitchell
Re: [squid-users] Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied
Thanks for this, Eliezer, it makes sense that this option is not more used. I define effective_group as squid, but do not specify effective_user. squid user can access rwx to /var/cache/squid Will try this wednesday morning... Thanks again, Christophe Le 18/12/2012 16:20, Eliezer Croitoru a écrit : I am not sure how you manage your rights on the server and also the locations in it but, Squid cache dir should be fully accessible using the effective_user of squid. It's the same for squid logs. Make sure the whole directory tree is accessible using the squid user. I just noticed that cache_swap_log is not used in 3.1 but only in 2.6 so just remove it. A swap log should not be specified. If you can still use it without errors in squid startup it's a bug and should be reported. So remove it and try to fix your permissions since this is your problem. Regards, Eliezer On 12/18/2012 04:51 PM, Christophe Marchand wrote: Thanks Gregory for your response. unfortunately, I've already ran squid -z, both under root user and squid user/ Making squid own /var/cache sounds me strange : all files/directories under /var/cache will be owned by squid user, which is not acceptable : a lot of other programs need to access to this trees. Best regards, Christophe Le 18/12/2012 14:21, Zill, Gregory (OMA-GIS) a écrit : Use the following commands to set the cache folder and then change permissions, assuming squid user runs the squid instance. # path/squid -z # chown -R squid. /var/cache -Original Message- From: Christophe Marchand [mailto:cmarch...@oxiane.com] Sent: Tuesday, December 18, 2012 7:09 AM To: squid-users@squid-cache.org Subject: [squid-users] Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied Hi, I have the following problem : when I do not declare a cache dir, my squid starts correctly and runs perfectly. 
When I uncomment the cache_dir line, it fails with this message : 2012/12/18 11:31:18| /var/cache/squid/.00: (13) Permission denied FATAL: commonUfsDirOpenSwapLog: Failed to open swap log. My squid.conf is : cache_dir aufs /drive/squid_cache/ 344064 64 64 coredump_dir /var/spool/squid access_log none cache_store_log none cache_swap_log /var/cache/squid/ ls -al /var/cache returns this : drwxrw-r--. 2 squid squid 4096 18 déc. 10:56 squid ps -ef | grep squid does not show a squid running I've read all threads on this, but found no solution. Any help will be much appreciated. Thanks in advance, Christophe This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message. Thank you very much.
[squid-users] Re: Too many lpops with https
OK I finally know what the problem is, I did use tcpdump and when I do make an ssl request squid intercepts it and sends it as http to the destination website, this causes the website to redirect to https and then squid in turn makes another http request, I did make a few tests with different sites an I am sure about this. Any clues about what I did wrong to cause this ? I did try with https_port intercept and with ssl-bump + both. Thanks ! On Tue, Dec 18, 2012 at 12:41 PM, Ali Jawad alijaw...@gmail.com wrote: Hi I am trying to setup a squid proxy with transparent https, but I am getting Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects. I am using the default CentOS installation with --enable-ssl 3.1. http is working fine, for https I get the ssl certificate error page and then the loop error. My config is pretty simple and I did try to change from intercept to sslbump and a combination of both, but nothing of that seems to make any difference.The problem is the same for all https sites. 
See below, the config please : acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl trusted src all # internal IP from venet0:1 and ISP IP (Cable/DSL) acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow trusted http_access allow localhost http_access deny all http_port 0.0.0.0:3128 http_port 0.0.0.0:8128 transparent https_port 0.0.0.0:8129 transparent ssl-bump intercept cert=/usr/local/squid/CA/servercert.pem key=/usr/local/squid/CA/serverkey.pem debug_options ALL,3 coredump_dir /var/spool/squid3 cache deny all refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 request_header_access Proxy-Connection deny all request_header_access X-Forwarded-For deny all request_header_access Connection deny all request_header_access Via deny all forwarded_for off
[squid-users] Citrix Secure Gateway
We are having an issue with users behind our outbound proxy accessing Citrix ICA through Citrix Secure Gateway. The users can get connected OK, but they have random disconnects. The Squid server is currently running 3.1.20 on FreeBSD Release 9.0-p4, planning to get it upgraded to the latest 3.2.x version (or at least the latest one in ports, think it's one behind) tonight to see if that helps.

Just wanted to see if anyone else has run into this issue, and might have any suggestions for resolving it, without just bypassing the proxy.

Users are configured using a group policy to push out a proxy configuration for IE, or by using auto-detect with a configured wpad script. No SSL-Bump or transparent proxy is involved. The problem exists for clients on multiple Windows versions when using IE or Firefox, so I don't think it is a client-related issue. The service vendor has decided the proxy is the source of the problem, but I think this is likely a "hey, they are using a proxy, let's blame that" response.

--
Thanks,
Dean E. Weimer
http://www.dweimer.net/
RE: [squid-users] Squid3 extremely slow for some website cnn.com
Dear Amos,

Is there any update?

From: Muhammed Shehata [m.sheh...@tedata.net]
Sent: Monday, December 17, 2012 10:24 AM
To: Amos Jeffries
Cc: squid-users@squid-cache.org; IT Network Security
Subject: Re: [squid-users] Squid3 extremely slow for some website cnn.com

2nd file for large attach size

Best Regards,
*Muhammad Shehata*
IT Network Security Engineer
TEData
Building A11- B90, Smart Village
Km 28 Cairo - Alex Desert Road, 6th October, 12577, Egypt
T: +20 (2) 33 32 0700 | Ext: 1532
F: +20 (2) 33 32 0800 | M:
E: m.sheh...@tedata.net

On 12/13/2012 11:58 PM, Amos Jeffries wrote:
> On 13/12/2012 9:41 p.m., Muhammed Shehata wrote:
>> Dear Amos,
>>
>> -the interrelation: the logs are from two squid similar servers that only differ in version and client at both request doesn't disconnect or anything the aborted maybe mean that squid can't get this url contains java script but what I wonder of why squid can get it successfully
>>
>> -here is the logs with time :
>>
>> squid2 on Centos5.2
>> 1355387935.418 7 x.x.x.x TCP_MISS/304 324 GET http://cdn.optimizely.com/js/128727546.js - DIRECT/23.50.196.211 text/javascript
>>
>> squid3 on Centos 6.3
>> 13/Dec/2012:10:39:05 +0200 20020 x.x.x.x TCP_MISS_ABORTED/000 0 GET http://cdn.optimizely.com/js/128727546.js - HIER_DIRECT/cdn.optimizely.com -
>> 13/Dec/2012:10:39:25 +0200 20020 x.x.x.x TCP_MISS_ABORTED/000 0 GET http://cdn.optimizely.com/js/128727546.js - HIER_DIRECT/cdn.optimizely.com -
>
> Aha. Thanks, this makes more sense. 7ms with a response versus 20 seconds with nothing returned.
>
> Although for better debug you should get the squid-3 to leave upstream server IP address in the log. It could be some problem of which IP is being connected to by Squid.
>
> With 3.2 at debug_options 11,2 you get a cache.log HTTP trace of what is going between Squid and optimizely and client. I suspect optimizely is not responding when a request is delivered to them - but you need to track that down.
>
> Amos
Re: [squid-users] Re: Too many lpops with https
Hey Ali, You seem to have hit upon a bug in the squid code-base. I am copying a patch to fix this bug(somehow i am unable to add attachment). If you are unable to apply the patch directly,because of code version, just apply it manually. Its a one liner. Let us know how it goes. Patch: === modified file 'src/client_side.cc' --- src/client_side.cc 2011-03-02 07:27:24 + +++ src/client_side.cc 2011-03-02 20:54:41 + 
@@ -2016,21 +2016,21 @@ return; /* already in good shape */ /* BUG: Squid cannot deal with '*' URLs (RFC2616 5.1.2) */ +// BUG 2976: Squid only accepts intercepted HTTP. if ((host = mime_get_header(req_hdr, Host)) != NULL) { int url_sz = strlen(url) + 32 + Config.appendDomainLen + strlen(host); http-uri = (char *)xcalloc(url_sz, 1); -snprintf(http-uri, url_sz, %s://%s%s, - conn-port-protocol, host, url); +snprintf(http-uri, url_sz, http://%s%s;, /*conn-port-protocol*/, host, url); debugs(33, 5, TRANSPARENT HOST REWRITE: ' http-uri '); } else { /* Put the local socket IP address as the hostname. */ int url_sz = strlen(url) + 32 + Config.appendDomainLen; http-uri = (char *)xcalloc(url_sz, 1); http-getConn()-me.ToHostname(ipbuf,MAX_IPSTRLEN), -snprintf(http-uri, url_sz, %s://%s:%d%s, - http-getConn()-port-protocol, +snprintf(http-uri, url_sz, http://%s:%d%s;, + // http-getConn()-port-protocol, ipbuf, http-getConn()-me.GetPort(), url); debugs(33, 5, TRANSPARENT REWRITE: ' http-uri '); } On Tue, Dec 18, 2012 at 8:58 PM, Ali Jawad alijaw...@gmail.com wrote: OK I finally know what the problem is, I did use tcpdump and when I do make an ssl request squid intercepts it and sends it as http to the destination website, this causes the website to redirect to https and then squid in turn makes another http request, I did make a few tests with different sites an I am sure about this. Any clues about what I did wrong to cause this ? I did try with https_port intercept and with ssl-bump + both. Thanks ! On Tue, Dec 18, 2012 at 12:41 PM, Ali Jawad alijaw...@gmail.com wrote: Hi I am trying to setup a squid proxy with transparent https, but I am getting Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects. I am using the default CentOS installation with --enable-ssl 3.1. http is working fine, for https I get the ssl certificate error page and then the loop error. 
My config is pretty simple and I did try to change from intercept to sslbump and a combination of both, but nothing of that seems to make any difference.The problem is the same for all https sites. See below, the config please : acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl trusted src all # internal IP from venet0:1 and ISP IP (Cable/DSL) acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow trusted http_access allow localhost http_access deny all http_port 0.0.0.0:3128 http_port 0.0.0.0:8128 transparent https_port 0.0.0.0:8129 transparent ssl-bump intercept cert=/usr/local/squid/CA/servercert.pem key=/usr/local/squid/CA/serverkey.pem debug_options ALL,3 coredump_dir /var/spool/squid3 cache deny all refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 request_header_access Proxy-Connection deny all request_header_access X-Forwarded-For deny all request_header_access Connection deny all request_header_access Via deny all forwarded_for off -- Regards, -Ahmed Talha Khan
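Review bot: Both replacement snprintf() calls in this hunk (the Host-header branch and the local-socket-address fallback) hardcode the scheme to http:// and comment out the listening port's protocol, so a request intercepted on an https_port is rebuilt as an http:// URL exactly like one from a plain http_port. If that is the intended workaround for bug 2976, the added comment should say so explicitly and state what then happens to HTTPS interception; otherwise keep the port's protocol and special-case only the value that breaks. Also, as posted, the first call leaves the commented-out argument between two commas (", /*conn-port-protocol*/, host"), so one comma has to go before it will compile.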
Re: [squid-users] Re: Too many lpops with https
On 19/12/2012 8:35 a.m., Ahmed Talha Khan wrote: Hey Ali, You seem to have hit upon a bug in the squid code-base. I am copying a patch to fix this bug(somehow i am unable to add attachment). If you are unable to apply the patch directly,because of code version, just apply it manually. Its a one liner. Let us know how it goes. Re-opens other bugs. Namely, clients being delivered error pages whenever you reconfigure Squid. PLease upgrade your Squid to 3.1.21 or later instead. Or apply the final patch from earlier his year: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10459.patch Amos