[squid-users] https issues for google

Visolve Squid squid at visolve.com
Fri Oct 10 04:57:39 UTC 2014 

Hi,

Check the below acl rule in your squid configuration file to Block the 
particular Domain URLs and also block keywords itself.

# ACL block sites
acl blocksites dstdomain  .youtube.com

# ACL block keywords
acl blockkeywords url_regex -i .youtube.com

#Deny access to block keywords ACL  &  block sites ACL's
http_access deny blockkeywords
http_access deny blocksites

And check the access.log file in the squid.

Regards,
ViSolve Squid
On 10/10/2014 4:32 AM, glenn.groves at bradnams.com.au wrote:
> I was able to capture the log at the time this happened to me, I got the following in the access.log:
>
> 1412895309.389     84 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895311.770      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895311.852     77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895311.855      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895311.937     77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895311.941      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.053    107 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.056      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.124     65 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.680      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.765     79 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.768      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.846     74 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.851      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.927     73 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.931      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
>
> Not sure why it would be saying TCP_MISS, I assume the TCP_DENIED is expected as it happens after the TCP_MISS and has no authentication information.
>
>
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of glenn.groves at bradnams.com.au
> Sent: Thursday, 9 October 2014 9:04 AM
> To: eliezer at ngtech.co.il; squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] https issues for google
>
> Hi Eliezer,
>
> The DNS we are using is the ISP default for external, our internal domain DNS for internal. Nslookup works for all tests.
>
> I would like to update to the latest stable, but I am concerned of breaking the current setup. It took a little work to get it working correctly particularity on the multiple authentication methods working with our domain and trust.
>
> I support what has been said - to check the logs. This will likely take time as I cannot reproduce this issue on demand - and I think users are starting to not report the issue and just living with it (or it is not getting all the way to me at least). I will have to get lucky at some point on my computer and look into it then.
>
> Could squid be getting mixed up when mulipule https requests are to the same address (e.g. https://google.com.au)?
>
> Thanks,
>
> Glenn
>
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Eliezer Croitoru
> Sent: Wednesday, 8 October 2014 7:39 AM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] https issues for google
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey Glenn,
>
> Since you are not using intercept or tproxy the basic place to look at is the access.log.
> You can see there if the proxy is trying for example to reach an IPV6 address (by mistake).
>
> Also to make sure there is an issue you can use specific exception like the cacheadmin acl you are using to allow the cacheadmin access without authentication for the basic test.
>
> Also you are indeed using the latest CentOS 6.5 squid but since the current stable version is 3.4.8 you should try to upgrade(to something else then 3.1) due to other issues.
>
> The issue can be a network or dns related issue which was not detected until now.
>
> Please first make sure that the access.log and cache.log files are clean for errors or issues.
>
> What dns servers are you using?
>
> Eliezer
>
> On 10/07/2014 06:51 AM, glenn.groves at bradnams.com.au wrote:
>> Hi All,
>>
>> We have a weird issue where https sites apparently don't respond (get
>> message "this page can't be displayed"). This mainly affects google
>> websites and to a lesser affect youtube. It has been reported it may
>> have affected some banking sites but this is unconfirmed. We are
>> running centos 6.5 with up to date squid from the centos repositories.
>>
>> Here is the version of squid: yum list installed | grep squid
>> squid.x86_64                         7:3.1.10-20.el6_5.3
>>
>> The https sites work fine if I put a direct hole in the firewall to
>> allow internet traffic directly out - but this is not a solution.
>>
>> Thanks, Glenn
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJUNF1uAAoJENxnfXtQ8ZQUlfYH/i0o9MQDTt8g5aINRljVSMZc
> btC8mcYn/JYn4WUPIoOc4/MhvuYg0JO6hXsSoPxjI1khMrq9fTV2c8eaLItWqYCf
> hjioWPJs2hPwfw6WDi0I6kF0Is+hD/MGsJci7s+jg593lHnm+ZjoDIHj0aCpcdgy
> u95961yZWXINbYsjTirFftnX5UC5MWbwZjaah6zW84RKZl/pa1vJM/tdgqiLdE5V
> GDNhS01mbKPfin8oc/RQk4nYAK39vncSebvSHJwkvPJIKlb54Yti64j6qUfPsav3
> uUvIVKSpxZjFFJoLtw1zjn1MwyynoHNGT1lP+HptsGkDoeGJ6YWU/IwB1sFKcVk=
> =GKmE
> -----END PGP SIGNATURE-----
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>   
> This message (including any attachments) is confidential and may be legally privileged. If you are not the intended recipient, you should not disclose, copy or use any part of it - please delete all copies immediately and notify the Bradnam Group Helpdesk at helpdesk at bradnams.com.au
>
> Any information, statements or opinions contained in this message (including any attachments) are given by the author. They are not given on behalf of the Bradnam Group unless subsequently confirmed by an individual other than the author who is duly authorised to represent the Bradnam Group (or any of its subsidiary and associate companies).
>
> All sent and received email from/to the Bradnam Group (or any of its subsidiary and associate companies) is automatically scanned for the presence of computer viruses, security issues and inappropriate content.
>
> For further information on the services which the Bradnam Group provides visit our web
> site(s) at www.bradnams.com.au or www.nationalglass.com.au _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list