[squid-users] probs with squid and url forwarding

Amos Jeffries squid3 at treenet.co.nz
Thu Nov 20 14:43:41 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 21/11/2014 12:43 a.m., Andreas.Reschke wrote:
>> Von: Amos Jeffries
> On 20/11/2014 10:57 p.m., Andreas.Reschke wrote:
>>>> Hi there,
>>>> 
>>>> we're using 3 squid proxy (version 3.3.-13, no caching, no 
>>>> logging) at our LAN (4500 User) in front of a squid proxy at
>>>> the DMZ. Now there are a lot of troubles with portals for the
>>>> costumer (like www.covisint.com). After register at this
>>>> portal and select the application there is a forward to
>>>> another domain. At this point squid can't connect the other
>>>> domain with the error: this side isn't reachable.
>>>> 
>>>> How to fix this?
> 
> What is the HTTP message being sent from the client to Squid when
> it "breaks"?
> 
> And what error details is Squid reporting about the problem in
> cache.log? NP: cache.log is mandatory, only access.log/store.log
> are optional.
> 
> Amos
> 
> Hi Amos, access.log is off because of we aren't allowed to log the
> user. Cache.log contains only LDAP-User-Auth and -groups. The only
> method is read the stream with netcat, but there aren't nice data
> because of https.
> 

If you are unable to get any meaningful information about what is
going wrong then you will be unable to solve the problem.

Perhapse you can (temporarily) log only the request made and what
Squid tried to do with it? no details about the users necessary.

  logformat debug %Ss/%03>Hs %<st %rm %ru %Sh/%<a
  access_log stdio:/var/log/squid/debug_access.log debug


I suspect the HTTPS sites are sending logged-in users to some strange
port number or hostname which your squid.conf forbids access to. That
will show up in the above log as a CONNECT with TCP_DENIED/403 and
strange port number that will need to be added to the SSL_Ports ACL.

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUbf4dAAoJELJo5wb/XPRjMHIH/2/JQCpwGMyPHhbFfmmmYSp9
3BO8kGh9ZOexfgiouVeYcNYviuVhg1+roz7uI9Uo3S2PXJFNv5WT+alpTqHPPIQx
obaLK5GsxeXcEgjvtXK9sJhbTrepuO4XXK1THxtKMacT06QtubZyaK5gjLGiLTML
25+IaNrkttpha2jFuMfZRlnKXC/ENRQc+Yp/FzKI1BO98VFuir/mTMn9/8CSD95L
FsnVFwUe/pGUmdlvLpcbUZevgcX13ma3BfytMdjYGF4kDqg4444hygQFzT569P6Q
PA5nMJwY/vZIa0xKnleXkXCBQU05CclNdC9+hAmrxCd9dA1Y9KFKbhX3lVfnvjg=
=Uuek
-----END PGP SIGNATURE-----


More information about the squid-users mailing list