Re: [squid-users] SQUID3: Access denied connecting to one site
So, any chance to bypass it? 22.04.2010 8:29, Amos Jeffries пишет: Alexandr Dmitriev wrote: Ok, the headers are broken, but there is a way to make squid ignore them? About ssl - they also have another domain www.airbaltic.com which is not accessible either. Part of the point was that they are not even headers at all. Squid does not do anything with body data but pump through. The HTML code bits are just some other bytes of body data to Squid. Amos -- Alexandr Dmitrijev Head of IT Department Fashion Retail Ltd. Phone: +371 67560501 Fax: +371 67560502 GSM: +371 2771 E-mail:alexandr.dmitr...@mos.lv
Re: [squid-users] SQUID3: Access denied connecting to one site
Ok, the headers are broken, but there is a way to make squid ignore them? About ssl - they also have another domain www.airbaltic.com which is not accessible either. 22.04.2010 3:45, Amos Jeffries пишет: On Wed, 21 Apr 2010 03:54:33 -0700 (PDT), John Doe wrote: From: Alexandr Dmitriev I tried to change tcp_ecn, but this did not help. Maybe some other ideas? Just 2 things I found: When I check the page source, I see: The expire is set to yesterday... is that "normal"? Well the syntax is broken. There is whitespace after the tag name "meta" missing. Browsers will drop it as an unknown tag. ... and yes, there is a community of web developers who still add the old IE 3 cache-controls to their page data instead of the HTTP protocol headers. These headers will have exactly zero effect on most systems. And their SSL certificate is for the .com; no the .lv... Also a problem. Though an SSL error should appear if it were being hit. Amos -- Alexandr Dmitrijev Head of IT Department Fashion Retail Ltd. Phone: +371 67560501 Fax: +371 67560502 GSM: +371 2771 E-mail:alexandr.dmitr...@mos.lv
Re: [squid-users] SQUID3: Access denied connecting to one site
Hello, I tried to change tcp_ecn, but this did not help. Maybe some other ideas? Regards, 21.04.2010 4:22, Drunkard Zhang пишет: 2010/4/20 Alexandr Dmitriev: Hello, I have ubuntu 9.10 runing with squid 3.0.STABLE18-1 and squidGuard. Squid is set up as a transparent proxy - everything is working just fine, except I can't access one site (www.airbaltic.lv). Squid drops me an error - Access denied. Try this: echo 0> /proc/sys/net/ipv4/tcp_ecn I tried to disable squidGuard - it did not help, but when I connect without squid (disabling transparent access) - I can visit airbaltic.lv Here are records from access.log: 1271761294.299 5 192.168.1.64 TCP_MISS/403 2834 GET http://www.airbaltic.lv/ - DIRECT/87.110.220.160 text/html 1271761305.202 0 192.168.1.64 TCP_NEGATIVE_HIT/403 2842 GET http://www.airbaltic.lv/ - NONE/- text/html And here is my squid.conf: acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 192.168.1.0/24 acl Safe_ports port 80# http acl Safe_ports port 21# ftp acl Safe_ports port 443# https acl Safe_ports port 70# gopher acl Safe_ports port 210# wais acl Safe_ports port 1025-65535# unregistered ports acl Safe_ports port 280# http-mgmt acl Safe_ports port 488# gss-http acl Safe_ports port 591# filemaker acl Safe_ports port 777# multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow localnet http_access deny all icp_access deny all htcp_access deny all http_port 3128 transparent hierarchy_stoplist cgi-bin ? access_log /var/log/squid3/access.log squid refresh_pattern ^ftp:144020%10080 refresh_pattern ^gopher:14400%1440 refresh_pattern (cgi-bin|\?)00%0 refresh_pattern .020%4320 coredump_dir /var/spool/squid3 redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf Any ideas? Best regards, -- Alexandr Dmitrijev Head of IT Department Fashion Retail Ltd. Phone: +371 67560501 Fax: +371 67560502 GSM: +371 2771 E-mail:alexandr.dmitr...@mos.lv -- Alexandr Dmitrijev Head of IT Department Fashion Retail Ltd. Phone: +371 67560501 Fax: +371 67560502 GSM: +371 2771 E-mail:alexandr.dmitr...@mos.lv
[squid-users] SQUID3: Access denied connecting to one site
Hello, I have ubuntu 9.10 runing with squid 3.0.STABLE18-1 and squidGuard. Squid is set up as a transparent proxy - everything is working just fine, except I can't access one site (www.airbaltic.lv). Squid drops me an error - Access denied. I tried to disable squidGuard - it did not help, but when I connect without squid (disabling transparent access) - I can visit airbaltic.lv Here are records from access.log: 1271761294.299 5 192.168.1.64 TCP_MISS/403 2834 GET http://www.airbaltic.lv/ - DIRECT/87.110.220.160 text/html 1271761305.202 0 192.168.1.64 TCP_NEGATIVE_HIT/403 2842 GET http://www.airbaltic.lv/ - NONE/- text/html And here is my squid.conf: acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 192.168.1.0/24 acl Safe_ports port 80# http acl Safe_ports port 21# ftp acl Safe_ports port 443# https acl Safe_ports port 70# gopher acl Safe_ports port 210# wais acl Safe_ports port 1025-65535# unregistered ports acl Safe_ports port 280# http-mgmt acl Safe_ports port 488# gss-http acl Safe_ports port 591# filemaker acl Safe_ports port 777# multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow localnet http_access deny all icp_access deny all htcp_access deny all http_port 3128 transparent hierarchy_stoplist cgi-bin ? access_log /var/log/squid3/access.log squid refresh_pattern ^ftp:144020%10080 refresh_pattern ^gopher:14400%1440 refresh_pattern (cgi-bin|\?)00%0 refresh_pattern .020%4320 coredump_dir /var/spool/squid3 redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf Any ideas? Best regards, -- Alexandr Dmitrijev Head of IT Department Fashion Retail Ltd. Phone: +371 67560501 Fax: +371 67560502 GSM: +371 2771 E-mail:alexandr.dmitr...@mos.lv