Re: Fwd: Re: [squid-users] google picking up squid as
On 07/10/2014 05:05 AM, sq...@proxyplayer.co.uk wrote:

The same configuration in an earlier version of squid doesn't get rejected by Google but in the new version of squid it is rejected by Google so is it possible squid is doing something differently?

Probably not too much... What version of squid?

Eliezer
RE: Fwd: Re: [squid-users] google picking up squid as
That's very odd. I'd try calling them... There are quite a few folks blocking proxies these days. What I do is remove the via and forwarded for headers with the following command:

check_hostnames off
forwarded_for delete
via off

The same configuration in an earlier version of squid doesn't get rejected by Google but in the new version of squid it is rejected by Google so is it possible squid is doing something differently?
Re: Fwd: Re: [squid-users] google picking up squid as
On 06/27/2014 09:00 AM, Lawrence Pingree wrote:

> forwarded_for delete
> via off
>
> I realize this breaks the RFC,

More importantly, it breaks Squid's loop detection mechanism. In many environments, breaking that mechanism creates an easy-to-abuse Squid DoS attack vector. Modern Squids have a workaround that can partially restore the loop cutting code AFAICT: Consider adding

    request_header_add X-UseSomeUniqueNameHere useAnyValueHere all

to your squid.conf so that looping HTTP request headers get larger and larger with every iteration until Squid refuses to process the looping request. To cut loops faster, you can also deny incoming requests that carry that unique-to-your-setup header.

HTH,

Alex.
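An added example, not part of the thread and not Squid project code: a small Python audit that reads a squid.conf and reports whether a setup with `via off` still has the two compensating pieces described above (a `request_header_add` marker and an `http_access deny` on that marker). The header name `X-Example-Loop-Guard`, the value `proxy01` and the three sample configs are constructed for illustration.

```python
def parse(conf_text):
    """Return squid.conf directives as token lists, dropping comments and blanks."""
    rows = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def audit_loop_protection(conf_text):
    """List findings for a config that disables Via without a way to cut loops."""
    rows = parse(conf_text)
    # The check keys on "via off": Via is the header Squid's loop detection reads.
    via_off = any(r[0] == "via" and r[1:2] == ["off"] for r in rows)
    # Marker headers appended to forwarded requests:
    #   request_header_add NAME VALUE [acl ...]
    added = {r[1].lower() for r in rows
             if r[0] == "request_header_add" and len(r) >= 3}
    # ACLs matching on a request header: acl NAME req_header HEADER regex
    hdr_acls = {r[1]: r[3].lower() for r in rows
                if r[0] == "acl" and len(r) >= 5 and r[2] == "req_header"}
    # Headers that some "http_access deny" rule rejects on arrival.
    denied = set()
    for r in rows:
        if r[0] == "http_access" and r[1:2] == ["deny"]:
            denied |= {hdr_acls[a] for a in r[2:] if a in hdr_acls}
    findings = []
    if via_off and not added:
        findings.append("via off and no request_header_add marker: "
                        "forwarding loops are not cut")
    elif via_off and not (added & denied):
        findings.append("marker header is added but never denied: a loop "
                        "ends only when the request headers grow too large")
    return findings

# Constructed sample configs (header name and value are placeholders).
STRIPPED = "forwarded_for delete\nvia off\nhttp_access allow all\n"
MARKED = STRIPPED + "request_header_add X-Example-Loop-Guard proxy01 all\n"
GUARDED = ("acl loopMarker req_header X-Example-Loop-Guard ^proxy01$\n"
           "http_access deny loopMarker\n" + MARKED)

if __name__ == "__main__":
    for name, conf in (("stripped", STRIPPED), ("marked", MARKED),
                       ("guarded", GUARDED)):
        print(name, audit_loop_protection(conf) or "ok")
```

The audit does not check rule order; in a real squid.conf the deny on the marker ACL has to come before any `http_access allow` that would match the looping request.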
RE: Fwd: Re: [squid-users] google picking up squid as
That's very odd. I'd try calling them... There are quite a few folks blocking proxies these days. What I do is remove the via and forwarded for headers with the following command:

check_hostnames off
forwarded_for delete
via off

I realize this breaks the RFC, but lest be blocked if detected as a squid proxy. sux

Best regards,
The Geek Guy

Lawrence Pingree
http://www.lawrencepingree.com/resume/

Author of "The Manager's Guide to Becoming Great"
http://www.Management-Book.com

-Original Message-
From: sq...@proxyplayer.co.uk [mailto:sq...@proxyplayer.co.uk]
Sent: Friday, June 27, 2014 4:43 AM
To: squid-users@squid-cache.org
Subject: Re: Fwd: Re: [squid-users] google picking up squid as

> How about contacting google for advice?
> They are the one that forces you to the issue.
> They don't like it that you have a 1k clients behind your IP address.
> They should tell you what to do.
> You can tell them that you are using squid as a forward proxy to
> enforce usage acls on users inside the network.
> It's not a shame to use squid...
> It's a shame that you cannot get a reasonable explanation to the
> reason you are blocked...
>

There is only 1 client behind the IP address as it is a test server so something is going wrong with either routing or requests to google. Google will not answer any emails. I suppose one alternative is to use unbound in conjunction with squid and not redirect any requests to google?
Re: Fwd: Re: [squid-users] google picking up squid as
How about contacting google for advice? They are the one that forces you to the issue. They don't like it that you have a 1k clients behind your IP address. They should tell you what to do. You can tell them that you are using squid as a forward proxy to enforce usage acls on users inside the network. It's not a shame to use squid... It's a shame that you cannot get a reasonable explanation to the reason you are blocked...

There is only 1 client behind the IP address as it is a test server so something is going wrong with either routing or requests to google. Google will not answer any emails. I suppose one alternative is to use unbound in conjunction with squid and not redirect any requests to google?
Re: Fwd: Re: [squid-users] google picking up squid as
On 27/06/2014 2:35 p.m., Eliezer Croitoru wrote:

> How about contacting google for advice?
> They are the one that forces you to the issue.
> They don't like it that you have a 1k clients behind your IP address.
> They should tell you what to do.
> You can tell them that you are using squid as a forward proxy to enforce
> usage acls on users inside the network.
> It's not a shame to use squid...
> It's a shame that you cannot get a reasonable explanation to the reason
> you are blocked...
>
> Eliezer
>
> On 06/27/2014 02:43 AM, sq...@proxyplayer.co.uk wrote:
>> So, I added those and restarted...still get the "your computer may be
>> sending automated queries" error from google.
>> I then set x forwarded for to off, no change.
>> Then commented out via, no change.

FYI: there seems to be some evidence of this happening for mobile devices with incorrect APN settings configured regardless of proxy existence.

Amos
Re: Fwd: Re: [squid-users] google picking up squid as
How about contacting google for advice? They are the one that forces you to the issue. They don't like it that you have a 1k clients behind your IP address. They should tell you what to do. You can tell them that you are using squid as a forward proxy to enforce usage acls on users inside the network. It's not a shame to use squid... It's a shame that you cannot get a reasonable explanation to the reason you are blocked...

Eliezer

On 06/27/2014 02:43 AM, sq...@proxyplayer.co.uk wrote:

So, I added those and restarted...still get the "your computer may be sending automated queries" error from google. I then set x forwarded for to off, no change. Then commented out via, no change.

Current conf:

auth_param basic realm AAA proxy server
auth_param basic credentialsttl 2 hours
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
authenticate_cache_garbage_interval 1 hour
authenticate_ip_ttl 2 hours
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1863 # MSN messenger
acl ncsa_users proxy_auth REQUIRED
acl CONNECT method CONNECT
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access allow ncsa_users
http_access deny all
icp_access allow all
http_port 8080
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
buffered_logs on
half_closed_clients off
visible_hostname AAAProxyServer
log_icp_queries off
dns_nameservers 208.67.222.222 208.67.220.220
hosts_file /etc/hosts
memory_pools off
client_db off
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 40/40
forwarded_for on
via on
cache_mem 256 MB

Quoting Amos Jeffries:

On 8/06/2014 5:06 a.m., Lawrence Pingree wrote:

I use the following but you need to make sure you have no looping occurring in your nat rules if you are using Transparent mode.

forwarded_for delete
via off

Given that the notice is above traffic volume arriving at Google (not looping) you probably actually need "via on" to both protect against looping and tell google there is a proxy so they should use different metrics.

You could also cache to reduce the upstream connection load. Squid does in-memory caching well enough for up to MB sized objects if you give it some cache_mem and remove that "cache deny all" (cache_dir is optional and disabled by default in squid-3).

Amos

- End forwarded message -