[squid-users] intercept squid 3.5.1, http://mail.ru

Amos Jeffries squid3 at treenet.co.nz
Sat Feb 14 21:46:13 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 15/02/2015 9:26 a.m., Jason Haar wrote:
> But this is just a hack around a problem isn't it?

Yes.

> ie why can't squid successfully intercept 20M+ transfers from this
> website?

Well, Squid *is* intercepting them. Its what happens after that is
going wrong.

> I guess it's working for 1byte-10M transactions, so why not 20M?

Indeed. Lets look closer...


> 1423851413.570    228 192.168.100.111 TAG_NONE/200 0 CONNECT
> 217.69.141.150:443 - ORIGINAL_DST/217.69.141.150 -

Squid receives a CONNECT, bumps it...


> 1423851413.670     81 192.168.100.111 TCP_MISS/410 291 POST
> https://jim24.mail.ru/helper? - ORIGINAL_DST/217.69.141.150
> text/html


.. inside is a POST to "jim24.mail.ru:443"

Squid delivers that to the server the CONNECT was going to
(217.69.141.150:443).

The server responds "410 Gone".


A debug_options 11,2 trace might provide more insight.

Amos

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJU38IkAAoJELJo5wb/XPRjS4UIAOEMiMhYYhfdKR6RncP2dS8w
SjpjPDcpBnGPBgrgfZDGqRna3wkq3m2VvsHfgez//c7hiRkSJ6tWZdIlZMIVvI/P
cZ1x4DSUdsovfVNK/Yfs2Vc6oPjgkpBWrMAlNw3/TcNwHcn6PQCsj0xXxUdZ/Br6
jQ56WuL5FZA+dsIdbKQFwvuVfziwkcGwFfeBLmfEynbEjfV3H6fSe8t5lj5tbLnq
1qUvqdMtyGN4Nvji9T4hslRIgFoFBKs+lJVSSQD9Rqs8/bomukAcoj6H4XplMSZq
zg+zxuMamZJrepM+URqgVxWR8fW+qQH173yq4eHjsTibpyJ5HpGhC+hSmQrCZjY=
=MN2Y
-----END PGP SIGNATURE-----


More information about the squid-users mailing list