[squid-users] https issues for google

glenn.groves at bradnams.com.au glenn.groves at bradnams.com.au
Wed Oct 8 23:04:27 UTC 2014 

Hi Eliezer,

The DNS we are using is the ISP default for external, our internal domain DNS for internal. Nslookup works for all tests.

I would like to update to the latest stable, but I am concerned of breaking the current setup. It took a little work to get it working correctly particularity on the multiple authentication methods working with our domain and trust.

I support what has been said - to check the logs. This will likely take time as I cannot reproduce this issue on demand - and I think users are starting to not report the issue and just living with it (or it is not getting all the way to me at least). I will have to get lucky at some point on my computer and look into it then.

Could squid be getting mixed up when mulipule https requests are to the same address (e.g. https://google.com.au)?

Thanks,

Glenn 

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Eliezer Croitoru
Sent: Wednesday, 8 October 2014 7:39 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] https issues for google

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Glenn,

Since you are not using intercept or tproxy the basic place to look at is the access.log.
You can see there if the proxy is trying for example to reach an IPV6 address (by mistake).

Also to make sure there is an issue you can use specific exception like the cacheadmin acl you are using to allow the cacheadmin access without authentication for the basic test.

Also you are indeed using the latest CentOS 6.5 squid but since the current stable version is 3.4.8 you should try to upgrade(to something else then 3.1) due to other issues.

The issue can be a network or dns related issue which was not detected until now.

Please first make sure that the access.log and cache.log files are clean for errors or issues.

What dns servers are you using?

Eliezer

On 10/07/2014 06:51 AM, glenn.groves at bradnams.com.au wrote:
> Hi All,
> 
> We have a weird issue where https sites apparently don't respond (get 
> message "this page can't be displayed"). This mainly affects google 
> websites and to a lesser affect youtube. It has been reported it may 
> have affected some banking sites but this is unconfirmed. We are 
> running centos 6.5 with up to date squid from the centos repositories.
> 
> Here is the version of squid: yum list installed | grep squid 
> squid.x86_64                         7:3.1.10-20.el6_5.3
> 
> The https sites work fine if I put a direct hole in the firewall to 
> allow internet traffic directly out - but this is not a solution.
> 
> Thanks, Glenn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUNF1uAAoJENxnfXtQ8ZQUlfYH/i0o9MQDTt8g5aINRljVSMZc
btC8mcYn/JYn4WUPIoOc4/MhvuYg0JO6hXsSoPxjI1khMrq9fTV2c8eaLItWqYCf
hjioWPJs2hPwfw6WDi0I6kF0Is+hD/MGsJci7s+jg593lHnm+ZjoDIHj0aCpcdgy
u95961yZWXINbYsjTirFftnX5UC5MWbwZjaah6zW84RKZl/pa1vJM/tdgqiLdE5V
GDNhS01mbKPfin8oc/RQk4nYAK39vncSebvSHJwkvPJIKlb54Yti64j6qUfPsav3
uUvIVKSpxZjFFJoLtw1zjn1MwyynoHNGT1lP+HptsGkDoeGJ6YWU/IwB1sFKcVk=
=GKmE
-----END PGP SIGNATURE-----
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
 
This message (including any attachments) is confidential and may be legally privileged. If you are not the intended recipient, you should not disclose, copy or use any part of it - please delete all copies immediately and notify the Bradnam Group Helpdesk at helpdesk at bradnams.com.au 

Any information, statements or opinions contained in this message (including any attachments) are given by the author. They are not given on behalf of the Bradnam Group unless subsequently confirmed by an individual other than the author who is duly authorised to represent the Bradnam Group (or any of its subsidiary and associate companies).

All sent and received email from/to the Bradnam Group (or any of its subsidiary and associate companies) is automatically scanned for the presence of computer viruses, security issues and inappropriate content.

For further information on the services which the Bradnam Group provides visit our web 
site(s) at www.bradnams.com.au or www.nationalglass.com.au

More information about the squid-users mailing list