[squid-users] accessing google.com
Philipp Wehling
philipp.wehling at megatel.de
Mon Jul 13 10:39:33 UTC 2015
Hello,
thank you for your answer.
> This is where you really do need to understand the 28,3 debug output.
I thought squid works in a "first-match"-manner... Do you have any documentation, I can read about?
> That is of course following your assumption that Squid is actively rejecting the traffic with ACLs (you provide no evidence of that).
How can I proof that? When the error comes up, I get the default ACL-Block-Page.
> Chances are rather high these days that it has nothing to do with Squid since Google prefer to use HTTPS, QUIC, SPDY, or HTTP/2 protocols. All of which normally bypass Squid processing entirely.
That answer is interesting, because we have some company (blocking) policies regarding drive.google.com and everything works fine. How is it possible, that google.com bypasses these rules? Please give me more hints for my investigation.
Thanks!
kind regards,
pwe
----- Ursprüngliche Mail -----
Von: "Amos Jeffries" <squid3 at treenet.co.nz>
An: squid-users at lists.squid-cache.org
Gesendet: Sonntag, 12. Juli 2015 03:05:30
Betreff: Re: [squid-users] accessing google.com
On 11/07/2015 12:21 a.m., Philipp Wehling wrote:
> Hello,
>
> from time to time we have trouble accessing google.com.
>
> After many many troubleshooting and trying to understand debug_options 28,x I wanted to go another way:
>
> All I want is to display, which ACL is blocking the access to the website.
>
> I already found the directive deny_info but this doesnt give me the right parameters.
>
>
> Any ideas would be appreciated.
This is where you really do need to understand the 28,3 debug output.
There is no one ACL that is causing it. A whole set of ACLs and
particular sequence order of test leads up to any denial.
That is of course following your assumption that Squid is actively
rejecting the traffic with ACLs (you provide no evidence of that).
Chances are rather high these days that it has nothing to do with Squid
since Google prefer to use HTTPS, QUIC, SPDY, or HTTP/2 protocols. All
of which normally bypass Squid processing entirely.
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list