Re: [squid-users] https issues for google

Visolve Squid Thu, 09 Oct 2014 21:58:18 -0700

Hi,

Check the below acl rule in your squid configuration file to Block theparticular Domain URLs and also block keywords itself.


# ACL block sites
acl blocksites dstdomain  .youtube.com

# ACL block keywords
acl blockkeywords url_regex -i .youtube.com

#Deny access to block keywords ACL  &  block sites ACL's
http_access deny blockkeywords
http_access deny blocksites

And check the access.log file in the squid.

Regards,
ViSolve Squid
On 10/10/2014 4:32 AM, glenn.gro...@bradnams.com.au wrote:

I was able to capture the log at the time this happened to me, I got the 
following in the access.log:

1412895309.389     84 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 
<MYADUSER> DIRECT/74.125.237.160 -
1412895311.770      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT 
www.youtube.com:443 - NONE/- text/html
1412895311.852     77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 
<MYADUSER> DIRECT/74.125.237.160 -
1412895311.855      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT 
www.youtube.com:443 - NONE/- text/html
1412895311.937     77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 
<MYADUSER> DIRECT/74.125.237.160 -
1412895311.941      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT 
www.youtube.com:443 - NONE/- text/html
1412895312.053    107 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 
<MYADUSER> DIRECT/74.125.237.160 -
1412895312.056      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT 
www.youtube.com:443 - NONE/- text/html
1412895312.124     65 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 
<MYADUSER> DIRECT/74.125.237.160 -
1412895312.680      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT 
www.youtube.com:443 - NONE/- text/html
1412895312.765     79 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 
<MYADUSER> DIRECT/74.125.237.160 -
1412895312.768      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT 
www.youtube.com:443 - NONE/- text/html
1412895312.846     74 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 
<MYADUSER> DIRECT/74.125.237.160 -
1412895312.851      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT 
www.youtube.com:443 - NONE/- text/html
1412895312.927     73 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 
<MYADUSER> DIRECT/74.125.237.160 -
1412895312.931      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT 
www.youtube.com:443 - NONE/- text/html

Not sure why it would be saying TCP_MISS, I assume the TCP_DENIED is expected 
as it happens after the TCP_MISS and has no authentication information.


-----Original Message-----
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of glenn.gro...@bradnams.com.au
Sent: Thursday, 9 October 2014 9:04 AM
To: elie...@ngtech.co.il; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] https issues for google

Hi Eliezer,

The DNS we are using is the ISP default for external, our internal domain DNS 
for internal. Nslookup works for all tests.

I would like to update to the latest stable, but I am concerned of breaking the 
current setup. It took a little work to get it working correctly particularity 
on the multiple authentication methods working with our domain and trust.

I support what has been said - to check the logs. This will likely take time as 
I cannot reproduce this issue on demand - and I think users are starting to not 
report the issue and just living with it (or it is not getting all the way to 
me at least). I will have to get lucky at some point on my computer and look 
into it then.

Could squid be getting mixed up when mulipule https requests are to the same 
address (e.g. https://google.com.au)?

Thanks,

Glenn

-----Original Message-----
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Eliezer Croitoru
Sent: Wednesday, 8 October 2014 7:39 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] https issues for google

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Glenn,

Since you are not using intercept or tproxy the basic place to look at is the 
access.log.
You can see there if the proxy is trying for example to reach an IPV6 address 
(by mistake).

Also to make sure there is an issue you can use specific exception like the 
cacheadmin acl you are using to allow the cacheadmin access without 
authentication for the basic test.

Also you are indeed using the latest CentOS 6.5 squid but since the current 
stable version is 3.4.8 you should try to upgrade(to something else then 3.1) 
due to other issues.

The issue can be a network or dns related issue which was not detected until 
now.

Please first make sure that the access.log and cache.log files are clean for 
errors or issues.

What dns servers are you using?

Eliezer

On 10/07/2014 06:51 AM, glenn.gro...@bradnams.com.au wrote:

Hi All,

We have a weird issue where https sites apparently don't respond (get
message "this page can't be displayed"). This mainly affects google
websites and to a lesser affect youtube. It has been reported it may
have affected some banking sites but this is unconfirmed. We are
running centos 6.5 with up to date squid from the centos repositories.

Here is the version of squid: yum list installed | grep squid
squid.x86_64                         7:3.1.10-20.el6_5.3

The https sites work fine if I put a direct hole in the firewall to
allow internet traffic directly out - but this is not a solution.

Thanks, Glenn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUNF1uAAoJENxnfXtQ8ZQUlfYH/i0o9MQDTt8g5aINRljVSMZc
btC8mcYn/JYn4WUPIoOc4/MhvuYg0JO6hXsSoPxjI1khMrq9fTV2c8eaLItWqYCf
hjioWPJs2hPwfw6WDi0I6kF0Is+hD/MGsJci7s+jg593lHnm+ZjoDIHj0aCpcdgy
u95961yZWXINbYsjTirFftnX5UC5MWbwZjaah6zW84RKZl/pa1vJM/tdgqiLdE5V
GDNhS01mbKPfin8oc/RQk4nYAK39vncSebvSHJwkvPJIKlb54Yti64j6qUfPsav3
uUvIVKSpxZjFFJoLtw1zjn1MwyynoHNGT1lP+HptsGkDoeGJ6YWU/IwB1sFKcVk=
=GKmE
-----END PGP SIGNATURE-----
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

This message (including any attachments) is confidential and may be legally privileged. If you are not the intended recipient, you should not disclose, copy or use any part of it - please delete all copies immediately and notify the Bradnam Group Helpdesk at helpd...@bradnams.com.au


Any information, statements or opinions contained in this message (including 
any attachments) are given by the author. They are not given on behalf of the 
Bradnam Group unless subsequently confirmed by an individual other than the 
author who is duly authorised to represent the Bradnam Group (or any of its 
subsidiary and associate companies).

All sent and received email from/to the Bradnam Group (or any of its subsidiary 
and associate companies) is automatically scanned for the presence of computer 
viruses, security issues and inappropriate content.

For further information on the services which the Bradnam Group provides visit 
our web
site(s) at www.bradnams.com.au or www.nationalglass.com.au 
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] https issues for google

Reply via email to