Re: [squid-users] SQUID3: Access denied connecting to one site
Alexandr Dmitriev wrote: Ok, the headers are broken, but there is a way to make squid ignore them? About ssl - they also have another domain www.airbaltic.com which is not accessible either. 22.04.2010 8:29, Amos Jeffries пишет: Part of the point was that they are not even headers at all. Squid does not do anything with body data but pump through. The HTML code bits are just some other bytes of body data to Squid. On 22.04.10 12:29, Alexandr Dmitriev wrote: So, any chance to bypass it? not without modifying the content externally, on the server or the ICAP module. However, as it was stated, it does not cause your problem wince squid does not care about the transferred content. Note that meta directive was designed so the HTTP server could parse it and provide as headers. Squid does not do this. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. He who laughs last thinks slowest.
Re: [squid-users] SQUID3: Access denied connecting to one site
So, any chance to bypass it? 22.04.2010 8:29, Amos Jeffries пишет: Alexandr Dmitriev wrote: Ok, the headers are broken, but there is a way to make squid ignore them? About ssl - they also have another domain www.airbaltic.com which is not accessible either. Part of the point was that they are not even headers at all. Squid does not do anything with body data but pump through. The HTML code bits are just some other bytes of body data to Squid. Amos -- Alexandr Dmitrijev Head of IT Department Fashion Retail Ltd. Phone: +371 67560501 Fax: +371 67560502 GSM: +371 2771 E-mail:alexandr.dmitr...@mos.lv
Re: [squid-users] SQUID3: Access denied connecting to one site
From: Alexandr Dmitriev alexandr.dmitr...@mos.lv I tried to change tcp_ecn, but this did not help. Maybe some other ideas? Just 2 things I found: When I check the page source, I see: metahttp-equiv=Cache-Control: max-age content=300 metahttp-equiv=Expires content=Tue, 20 Apr 2010 06:23:44 GMT The expire is set to yesterday... is that normal? And their SSL certificate is for the .com; no the .lv... JD
Re: [squid-users] SQUID3: Access denied connecting to one site
On Wed, 21 Apr 2010 03:54:33 -0700 (PDT), John Doe jd...@yahoo.com wrote: From: Alexandr Dmitriev alexandr.dmitr...@mos.lv I tried to change tcp_ecn, but this did not help. Maybe some other ideas? Just 2 things I found: When I check the page source, I see: metahttp-equiv=Cache-Control: max-age content=300 metahttp-equiv=Expires content=Tue, 20 Apr 2010 06:23:44 GMT The expire is set to yesterday... is that normal? Well the syntax is broken. There is whitespace after the tag name meta missing. Browsers will drop it as an unknown tag. ... and yes, there is a community of web developers who still add the old IE 3 cache-controls to their page data instead of the HTTP protocol headers. These headers will have exactly zero effect on most systems. And their SSL certificate is for the .com; no the .lv... Also a problem. Though an SSL error should appear if it were being hit. Amos
Re: [squid-users] SQUID3: Access denied connecting to one site
Ok, the headers are broken, but there is a way to make squid ignore them? About ssl - they also have another domain www.airbaltic.com which is not accessible either. 22.04.2010 3:45, Amos Jeffries пишет: On Wed, 21 Apr 2010 03:54:33 -0700 (PDT), John Doejd...@yahoo.com wrote: From: Alexandr Dmitrievalexandr.dmitr...@mos.lv I tried to change tcp_ecn, but this did not help. Maybe some other ideas? Just 2 things I found: When I check the page source, I see: metahttp-equiv=Cache-Control: max-age content=300 metahttp-equiv=Expires content=Tue, 20 Apr 2010 06:23:44 GMT The expire is set to yesterday... is that normal? Well the syntax is broken. There is whitespace after the tag name meta missing. Browsers will drop it as an unknown tag. ... and yes, there is a community of web developers who still add the old IE 3 cache-controls to their page data instead of the HTTP protocol headers. These headers will have exactly zero effect on most systems. And their SSL certificate is for the .com; no the .lv... Also a problem. Though an SSL error should appear if it were being hit. Amos -- Alexandr Dmitrijev Head of IT Department Fashion Retail Ltd. Phone: +371 67560501 Fax: +371 67560502 GSM: +371 2771 E-mail:alexandr.dmitr...@mos.lv
Re: [squid-users] SQUID3: Access denied connecting to one site
Alexandr Dmitriev wrote: Ok, the headers are broken, but there is a way to make squid ignore them? About ssl - they also have another domain www.airbaltic.com which is not accessible either. Part of the point was that they are not even headers at all. Squid does not do anything with body data but pump through. The HTML code bits are just some other bytes of body data to Squid. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.1
[squid-users] SQUID3: Access denied connecting to one site
Hello, I have ubuntu 9.10 runing with squid 3.0.STABLE18-1 and squidGuard. Squid is set up as a transparent proxy - everything is working just fine, except I can't access one site (www.airbaltic.lv). Squid drops me an error - Access denied. I tried to disable squidGuard - it did not help, but when I connect without squid (disabling transparent access) - I can visit airbaltic.lv Here are records from access.log: 1271761294.299 5 192.168.1.64 TCP_MISS/403 2834 GET http://www.airbaltic.lv/ - DIRECT/87.110.220.160 text/html 1271761305.202 0 192.168.1.64 TCP_NEGATIVE_HIT/403 2842 GET http://www.airbaltic.lv/ - NONE/- text/html And here is my squid.conf: acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 192.168.1.0/24 acl Safe_ports port 80# http acl Safe_ports port 21# ftp acl Safe_ports port 443# https acl Safe_ports port 70# gopher acl Safe_ports port 210# wais acl Safe_ports port 1025-65535# unregistered ports acl Safe_ports port 280# http-mgmt acl Safe_ports port 488# gss-http acl Safe_ports port 591# filemaker acl Safe_ports port 777# multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow localnet http_access deny all icp_access deny all htcp_access deny all http_port 3128 transparent hierarchy_stoplist cgi-bin ? access_log /var/log/squid3/access.log squid refresh_pattern ^ftp:144020%10080 refresh_pattern ^gopher:14400%1440 refresh_pattern (cgi-bin|\?)00%0 refresh_pattern .020%4320 coredump_dir /var/spool/squid3 redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf Any ideas? Best regards, -- Alexandr Dmitrijev Head of IT Department Fashion Retail Ltd. Phone: +371 67560501 Fax: +371 67560502 GSM: +371 2771 E-mail:alexandr.dmitr...@mos.lv
Re: [squid-users] SQUID3: Access denied connecting to one site
2010/4/20 Alexandr Dmitriev alexandr.dmitr...@mos.lv: Hello, I have ubuntu 9.10 runing with squid 3.0.STABLE18-1 and squidGuard. Squid is set up as a transparent proxy - everything is working just fine, except I can't access one site (www.airbaltic.lv). Squid drops me an error - Access denied. Try this: echo 0 /proc/sys/net/ipv4/tcp_ecn I tried to disable squidGuard - it did not help, but when I connect without squid (disabling transparent access) - I can visit airbaltic.lv Here are records from access.log: 1271761294.299 5 192.168.1.64 TCP_MISS/403 2834 GET http://www.airbaltic.lv/ - DIRECT/87.110.220.160 text/html 1271761305.202 0 192.168.1.64 TCP_NEGATIVE_HIT/403 2842 GET http://www.airbaltic.lv/ - NONE/- text/html And here is my squid.conf: acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 192.168.1.0/24 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow localnet http_access deny all icp_access deny all htcp_access deny all http_port 3128 transparent hierarchy_stoplist cgi-bin ? access_log /var/log/squid3/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern (cgi-bin|\?) 0 0% 0 refresh_pattern . 0 20% 4320 coredump_dir /var/spool/squid3 redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf Any ideas? Best regards, -- Alexandr Dmitrijev Head of IT Department Fashion Retail Ltd. Phone: +371 67560501 Fax: +371 67560502 GSM: +371 2771 E-mail: alexandr.dmitr...@mos.lv
Re: [squid-users] SQUID3: Access denied connecting to one site
Hello, I tried to change tcp_ecn, but this did not help. Maybe some other ideas? Regards, 21.04.2010 4:22, Drunkard Zhang пишет: 2010/4/20 Alexandr Dmitrievalexandr.dmitr...@mos.lv: Hello, I have ubuntu 9.10 runing with squid 3.0.STABLE18-1 and squidGuard. Squid is set up as a transparent proxy - everything is working just fine, except I can't access one site (www.airbaltic.lv). Squid drops me an error - Access denied. Try this: echo 0 /proc/sys/net/ipv4/tcp_ecn I tried to disable squidGuard - it did not help, but when I connect without squid (disabling transparent access) - I can visit airbaltic.lv Here are records from access.log: 1271761294.299 5 192.168.1.64 TCP_MISS/403 2834 GET http://www.airbaltic.lv/ - DIRECT/87.110.220.160 text/html 1271761305.202 0 192.168.1.64 TCP_NEGATIVE_HIT/403 2842 GET http://www.airbaltic.lv/ - NONE/- text/html And here is my squid.conf: acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 192.168.1.0/24 acl Safe_ports port 80# http acl Safe_ports port 21# ftp acl Safe_ports port 443# https acl Safe_ports port 70# gopher acl Safe_ports port 210# wais acl Safe_ports port 1025-65535# unregistered ports acl Safe_ports port 280# http-mgmt acl Safe_ports port 488# gss-http acl Safe_ports port 591# filemaker acl Safe_ports port 777# multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow localnet http_access deny all icp_access deny all htcp_access deny all http_port 3128 transparent hierarchy_stoplist cgi-bin ? access_log /var/log/squid3/access.log squid refresh_pattern ^ftp:144020%10080 refresh_pattern ^gopher:14400%1440 refresh_pattern (cgi-bin|\?)00%0 refresh_pattern .020%4320 coredump_dir /var/spool/squid3 redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf Any ideas? Best regards, -- Alexandr Dmitrijev Head of IT Department Fashion Retail Ltd. Phone: +371 67560501 Fax: +371 67560502 GSM: +371 2771 E-mail:alexandr.dmitr...@mos.lv -- Alexandr Dmitrijev Head of IT Department Fashion Retail Ltd. Phone: +371 67560501 Fax: +371 67560502 GSM: +371 2771 E-mail:alexandr.dmitr...@mos.lv
