[squid-users] google always requesting captach through transparent proxy

Sun Jan 18 14:48:53 UTC 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 19/01/2015 3:39 a.m., squid at proxyplayer.co.uk wrote:
> Google is requesting a captcha everytime I request a page as it is 
> saying that my computer is doing something weird (via a proxy).

What *exactly* is it saying?

> 
> How can I get rid of this message from Google. I tried redirecting 
> directly but it makes no difference. It seems like Google is
> pickingup a lack of headers as an issue.

 acl google dstdom_regex -i google
 http_access deny google

but I suspect maybe you might not actually like the results of what
you are asking for.

> 
> auth_param basic realm AAA proxy server auth_param basic
> credentialsttl 2 hours auth_param basic program
> /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd 
> authenticate_cache_garbage_interval 1 hour authenticate_ip_ttl 2
> hours acl manager proto cache_object acl localhost src
> 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port
> 443 acl Safe_ports port 80          # http acl Safe_ports port 21
> # ftp acl Safe_ports port 443         # https acl Safe_ports port
> 70          # gopher acl Safe_ports port 210         # wais acl
> Safe_ports port 1025-65535  # unregistered ports acl Safe_ports
> port 280         # http-mgmt acl Safe_ports port 488         #
> gss-http acl Safe_ports port 591         # filemaker acl Safe_ports
> port 777         # multiling http acl Safe_ports port 1863
> # MSN messenger acl ncsa_users proxy_auth REQUIRED acl CONNECT
> method CONNECT http_access deny manager http_access deny
> !Safe_ports http_access deny CONNECT !SSL_ports http_access deny
> to_localhost http_access allow localhost http_access allow
> ncsa_users http_access deny all icp_access allow all http_port
> 8080 http_port 80 access_log /var/log/squid/access.log squid 
> cache_log /var/log/squid/cache.log buffered_logs on 
> half_closed_clients off visible_hostname AAAProxyServer 
> log_icp_queries off dns_nameservers 208.67.222.222 208.67.220.220 
> hosts_file /etc/hosts memory_pools off client_db off delay_pools 1 
> delay_class 1 2 delay_parameters 1 -1/-1 400000/400000

I assume this following bit of config is what you meant by "I tried
redirecting directly".

> acl google1 dstdomain .google.com acl google2 dstdomain
> .google.co.uk always_direct allow google1 google2

What it tells Squid is not to use a cache_peer connection if the URL
domain name is BOTH *.google.com AND *.google.co.uk.

So as you should be able to see it is not possible for teh domain to
match two different values simultaneously. And you are not useing
cache_peer ayway so even if/when the directive matches it has no effect.

> via off forwarded_for off follow_x_forwarded_for deny all cache_mem
> 512 MB
> 

PS. you config is showing a lot of directives that have been obsolete
for several years now. If your Squid version is so old that it will
accept the above config, then its time to consider an upgrade.

Amos

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUu8fVAAoJELJo5wb/XPRj2GoIAJbO3LxR1L6NmgdnDTH3RvTh
sxsp+Oq0jXj8SjOx5bwSrlrzF84mZFtXjHyEM0iWEwpWGGw6IVQ7JrHIv5sOXI5A
g39yIoqHdKGIhxJE6w5hFefpgfXCAFCQ0lGRCYEFya9+dtno1XPIWlHny0M3/aJD
r24ipb6mffvQ+bvrD9yO1lJK4EaZQmrmp4L5sxEPiUGWunKagZpQIs+xfXwYbf8+
WSmtRdA5lkAGd8ylW/y35SApulU7MxRT+d/hKON/Blwfg1eCKk7dY+VXqp/a0GFH
OOursNxUZHx9PG1FXxHtEjXbDCQfUqw8/jux3DJPpELbe1gr51YJElgI0PQZIro=
=pq+8
-----END PGP SIGNATURE-----