On 8/12/2011 12:21 a.m., Nguyen Hai Nam wrote:
On 12/7/2011 4:13 AM, Amos Jeffries wrote:
cc'd to squid-dev so the developers can see this info.

On Tue, 06 Dec 2011 16:43:38 +0700, Nguyen Hai Nam wrote:
Hi,

I've installed Squid 3.2.0.13 as an intercepting proxy server. Today
I tried to build the latest version, 3.2.0.13 20111205. The problem is that
sometimes I lose the connection when downloading, e.g. it freezes at
xx% and I have to pause and start again to continue. When I open some
websites, it's normal the first time; if I press refresh on an opened page I
receive the error "The requested URL could not be retrieved". And an
https page that was redirected from another http page also had the same
error.

I still can't find the reason, besides the version 3.2.0.13 seems
more stable.

Best regards,
~ Neddie

Thank you for testing and for the feedback.

Is there any sign(s) in your cache.log about what is happening?

Amos

Hi Amos,

Here are some results from cache.log:

2011/12/07 18:06:44.436 kid1| SECURITY ALERT: on URL: http://www.facebook.com/plugins/like.php?api_key=111569915535689&channel_url=https%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d9058faa7a974%26origin%3Dhttp%253A%252F%252F9gag.com%252Ff3ff0bbf990ee1a%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2F9gag.com%2Fgag%2F921853%3Fref%3Dfb&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90

alert starts here...
2011/12/07 18:06:44.663 kid1| SECURITY ALERT: Host header forgery detected on local=216.137.53.20:80 remote=10.2.178.178:9137 FD 26 flags=33 (local IP does not match any domain IP)
2011/12/07 18:06:44.663 kid1| SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Zune 4.7)
2011/12/07 18:06:44.663 kid1| SECURITY ALERT: on URL: http://d24w6bsrhbeh9d.cloudfront.net/img/favicon_v2.png

ends here. (hmm, maybe we should make these boundaries a bit clearer somehow.)

So. Why does "d24w6bsrhbeh9d.cloudfront.net" not resolve to 216.137.53.20 for both the client and for Squid? (other IPs are ignored, alert only happens on a complete absence of the client-visible IP)


And from access.log:

<snip re-paste of cache.log trace>
from debug "squid -d 1"

1323256004.434 46 10.2.178.178 NONE/409 7352 GET http://www.facebook.com/dialog/oauth? - HIER_NONE/- text/html
1323256004.438 4 10.2.178.178 NONE/409 6678 GET http://www.facebook.com/plugins/like.php? - HIER_NONE/- text/html
1323256004.438 2 10.2.178.178 NONE/409 6741 GET http://www.facebook.com/plugins/like.php? - HIER_NONE/- text/html
1323256004.485 544 10.2.178.178 TCP_MISS/200 752 GET http://api.facebook.com/restserver.php? - ORIGINAL_DST/69.171.224.21 text/javascript
1323256004.498 114 10.2.178.178 TCP_MISS/200 2159 GET http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif - ORIGINAL_DST/203.69.113.56 image/gif
1323256004.590 245 10.2.178.178 TCP_MISS/204 299 GET http://pixel.quantserve.com/pixel;r=27404736;a=p-f8Bn5MbvAQbXQ;fpan=0;fpa=P0-1342892764-1323250128624;ns=0;ce=1;je=1;sr=1280x1024x32;enc=n;dst=0;et=1323256056796;tzo=-420;ref=http%3A%2F%2F9gag.com%2F;url=http%3A%2F%2F9gag.com%2Fgag%2F921853;ogl=title.Props%20to%20the%20man%2Csite_name.9GAG%2Curl.http%3A%2F%2F9gag%252Ecom%2Fgag%2F921853%2Ctype.article%2Cimage.http%3A%2F%2Fd24w6bsrhbeh9d%252Ecloudfront%252Enet%2Fphoto%2F921853_460s%252Ejpg - ORIGINAL_DST/203.190.124.15 -
1323256004.664 420 10.2.178.178 NONE/409 4718 GET http://d24w6bsrhbeh9d.cloudfront.net/img/favicon_v2.png - HIER_NONE/- text/html

The problem is:

- Can't open any https website

Seems unrelated. The above are all http:// URLs, also HTTPS are not sent over port 80 to be intercepted like this.

- Got an error when opening/reopening a random website

By "error" you mean the 409s? Or another?


I've installed a new Squid box for testing, so feel free to tell me what to do or to ask for more logs.

I know the latest 3.2 has a strange crash I hit, causing random disconnections.

These 409 are a worry in your setup though. Check the DNS servers used by Squid are the same used by the client(s). For interception that is important now.



P/S: I think it's related to something new in Squid (I guess), because other services like Yahoo Messenger, Thunderbird (IMAP/SMTP), etc. disconnected when I redirected to test.

IMAP/SMTP ??! Those would be protocols not related to Squid at all. Perhaps your test box firewall or routing is different regarding them. If you can, only redirect port 80 traffic and make sure you use policy routing (or whatever your hardware calls it) to send packets. Avoid doing NAT, particularly DNAT (destination IP/port) changes, outside the Squid box.

Amos
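
The comparison discussed in this thread (is the destination IP the client connected to among the IPs the proxy's resolver returns for the requested host?), as an added example that is not part of the original thread or of Squid's code. It parses the alert block from cache.log and checks each one against a resolver; the stub resolver and the address 203.0.113.10 are constructed, and IPv4-only log lines are assumed.

```python
import re
import socket
from urllib.parse import urlsplit

# Sample input: alert lines from the cache.log excerpt in this thread (user agent
# shortened). The first line is the tail of an earlier alert block.
SAMPLE_LOG = """\
2011/12/07 18:06:44.436 kid1| SECURITY ALERT: on URL: http://www.facebook.com/plugins/like.php?
2011/12/07 18:06:44.663 kid1| SECURITY ALERT: Host header forgery detected on local=216.137.53.20:80 remote=10.2.178.178:9137 FD 26 flags=33 (local IP does not match any domain IP)
2011/12/07 18:06:44.663 kid1| SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)
2011/12/07 18:06:44.663 kid1| SECURITY ALERT: on URL: http://d24w6bsrhbeh9d.cloudfront.net/img/favicon_v2.png
"""

ALERT = re.compile(r"SECURITY ALERT: (.*)$")
# IPv4 only (assumption); matches the "local=IP:port remote=IP:port" form shown above.
FORGERY = re.compile(r"Host header forgery detected on local=([\d.]+):\d+ remote=([\d.]+):\d+")

def parse_alerts(text):
    """Pair each forgery line with the 'on URL:' line that closes its block."""
    alerts, current = [], None
    for line in text.splitlines():
        m = ALERT.search(line)
        if not m:
            continue
        body = m.group(1)
        f = FORGERY.match(body)
        if f:
            current = {"dst_ip": f.group(1), "client": f.group(2), "host": None}
            alerts.append(current)
        elif body.startswith("on URL: ") and current is not None:
            current["host"] = urlsplit(body[len("on URL: "):]).hostname
            current = None  # block complete; a stray 'on URL:' line is ignored
    return alerts

def check_dns(alerts, resolve):
    """For each alert: (host, client's destination IP, proxy-side IPs, match?)."""
    rows = []
    for a in alerts:
        ips = sorted(set(resolve(a["host"]))) if a["host"] else []
        rows.append((a["host"], a["dst_ip"], ips, a["dst_ip"] in ips))
    return rows

def system_resolve(host):
    """A records as seen by this machine's resolver (run on the Squid box)."""
    return [ai[4][0] for ai in socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)]

if __name__ == "__main__":
    # Offline stand-in for the proxy's DNS view; 203.0.113.10 is a constructed address.
    stub = lambda host: ["203.0.113.10"]
    for host, dst, ips, ok in check_dns(parse_alerts(SAMPLE_LOG), stub):
        print(f"{host}: client went to {dst}, proxy resolves {ips} -> {'match' if ok else 'MISMATCH'}")
```

Passing `system_resolve` instead of the stub, on the proxy host, shows what that machine's resolver returns for each alerted host name.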
