[squid-users] https issues for google

Amos Jeffries squid3 at treenet.co.nz
Fri Oct 10 05:08:08 UTC 2014


On 10/10/2014 12:02 p.m., glenn.groves at bradnams.com.au wrote:
> I was able to capture the log at the time this happened to me, I
> got the following in the access.log:
> 
> 1412895309.389     84 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895311.770      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895311.852     77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895311.855      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895311.937     77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895311.941      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.053    107 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.056      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.124     65 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.680      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.765     79 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.768      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.846     74 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.851      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.927     73 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.931      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 
> Not sure why it would be saying TCP_MISS, I assume the TCP_DENIED
> is expected as it happens after the TCP_MISS and has no
> authentication information.
> 


This looks like perfectly normal authentication working exactly as it
was designed to work.

Privacy and security require that clients/browsers only send users'
credentials if they have to. So the client/browser is doing this:

 * open TCP connection
 * HTTP request (no authentication, hiding user credentials) -> 407 challenge
 * retry HTTP request with authentication

The whole auth handshake sequence is happening in 50-100ms.


Being CONNECT tunnels, the TCP connection is always closed after the
tunnel is done, causing a new auth handshake for each CONNECT.

The MISS just means no cached object was used in the reply (CONNECT
not being cacheable). That is also normal; we only recently added the
TCP_TUNNEL label to separate tunnelled vs ssl-bumped CONNECT.
The "0" in the bytes column is the result of a logging bug on CONNECT
byte counting.

Amos
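The handshake described in the reply above can be checked mechanically. This added example (not from the original message or the Squid project) pairs each 407 challenge with the authenticated retry that follows it and reports challenges that never got one. It assumes Squid's native log format, where the timestamp is written when the transaction is logged; the sample lines, the user "alice" and the client 10.10.10.70 are constructed.

```python
import re

# Squid native access.log fields:
# time elapsed client code/status bytes method URL user hierarchy/peer type
LINE = re.compile(
    r"^(\d+)\.(\d{3})\s+(\d+)\s+(\S+)\s+([A-Z_]+)/(\d{3})\s+(\d+)\s+"
    r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$"
)

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None
    sec, ms, elapsed, client, code, status, _size, method, url, user, _hier, _type = m.groups()
    logged = int(sec) * 1000 + int(ms)   # when Squid logged the transaction, in ms
    return {"logged": logged, "start": logged - int(elapsed),  # request began elapsed ms earlier
            "client": client, "code": code, "status": int(status),
            "method": method, "url": url, "user": user}

def classify_challenges(lines, window_ms=2000):
    """Return (answered, unanswered): answered holds (challenge, retry) pairs,
    unanswered holds 407 challenges with no authenticated retry within window_ms."""
    entries = [e for e in map(parse, lines) if e]
    retries = sorted((e for e in entries if e["status"] != 407 and e["user"] != "-"),
                     key=lambda e: e["start"])
    used, answered, unanswered = set(), [], []
    for c in sorted((e for e in entries if e["status"] == 407), key=lambda e: e["logged"]):
        match = next((i for i, r in enumerate(retries)
                      if i not in used and r["client"] == c["client"] and r["url"] == c["url"]
                      and 0 <= r["start"] - c["logged"] <= window_ms), None)
        if match is None:
            unanswered.append(c)          # client never came back with credentials
        else:
            used.add(match)               # each retry answers exactly one challenge
            answered.append((c, retries[match]))
    return answered, unanswered

# Constructed sample: two normal handshakes, then a client that never authenticates.
SAMPLE = """\
1412895311.770      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
1412895311.852     77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 alice DIRECT/74.125.237.160 -
1412895311.855      0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
1412895311.937     77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 alice DIRECT/74.125.237.160 -
1412895320.100      0 10.10.10.70 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
1412895320.400      0 10.10.10.70 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
""".splitlines()

if __name__ == "__main__":
    ok, bad = classify_challenges(SAMPLE)
    for c, r in ok:
        print(c["client"], r["user"], "retry began", r["start"] - c["logged"], "ms after 407")
    for c in bad:
        print(c["client"], "unanswered 407 for", c["url"])
```

Only the unanswered list needs attention: a client that keeps receiving 407 without ever following up with credentials is the case that differs from the normal pattern in the log above.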

