[squid-users] TCP_MISS/403 353 HEAD text/plain Error

snakeeyes ahmed.zaeem at netstream.ps
Thu Jun 4 21:36:56 UTC 2015 

 

 

I have a proxy squid 3.5.2 that has an app to connect to it remotely to
access YouTube Links

 

This App some time works and open the link without problems and its response
as below :

 

    

==============

1433246384.626    245 195.154.200.58 TCP_MISS/200 38660 GET
http://www.youtube.com/get_video_info? - HIER_DIRECT/195.95.178.110
application/x-www-form-urlencoded

1433246384.802     62 195.154.200.58 TCP_MISS/200 454 HEAD
http://r2---sn-8pgbpohxqp5-ac5e.googlevideo.com/videoplayback? -
HIER_DIRECT/82.15.95.141 video/mp4

1433246385.027    125 195.154.200.58 TCP_MISS/200 454 HEAD
http://r2---sn-8pgbpohxqp5-ac5e.googlevideo.com/videoplayback? -
HIER_DIRECT/82.15.95.141 video/webm

1433246386.239    123 195.154.200.58 TCP_MISS/200 453 HEAD
http://r2---sn-8pgbpohxqp5-ac5e.googlevideo.com/videoplayback? -
HIER_DIRECT/82.15.95.141 video/mp4

1433246386.469    121 195.154.200.58 TCP_MISS/200 455 HEAD
http://r2---sn-8pgbpohxqp5-ac5e.googlevideo.com/videoplayback? -
HIER_DIRECT/82.15.95.141 video/x-flv

1433246386.709    139 195.154.200.58 TCP_MISS/200 454 HEAD
http://r2---sn-8pgbpohxqp5-ac5e.googlevideo.com/videoplayback? -
HIER_DIRECT/82.15.95.141 video/3gpp

1433246386.941    121 195.154.200.58 TCP_MISS/200 453 HEAD
http://r2---sn-8pgbpohxqp5-ac5e.googlevideo.com/videoplayback? -
HIER_DIRECT/82.15.95.141 video/3gpp

1433246387.181    131 195.154.200.58 TCP_MISS/200 454 HEAD
http://r2---sn-8pgbpohxqp5-ac5e.googlevideo.com/videoplayback? -
HIER_DIRECT/82.15.95.141 video/mp4

1433246387.334     61 195.154.200.58 TCP_MISS/200 454 HEAD
http://r2---sn-8pgbpohxqp5-ac5e.googlevideo.com/videoplayback? -
HIER_DIRECT/82.15.95.141 video/webm

1433246387.756     61 195.154.200.58 TCP_MISS/200 453 HEAD
http://r2---sn-8pgbpohxqp5-ac5e.googlevideo.com/videoplayback? -
HIER_DIRECT/82.15.95.141 video/mp4

And im some youtube videos , it don't work and has the repsonce as below :

433246591.307    128 195.154.200.58 TCP_MISS/403 353 HEAD
http://r8---sn-8pgbpohxqp5-ac5l.googlevideo.com/videoplayback? -
HIER_DIRECT/62.252.232.19 text/plain

1433246591.530    129 195.154.200.58 TCP_MISS/403 353 HEAD
http://r8---sn-8pgbpohxqp5-ac5l.googlevideo.com/videoplayback? -
HIER_DIRECT/62.252.232.19 text/plain

1433246591.752    121 195.154.200.58 TCP_MISS/403 353 HEAD
http://r8---sn-8pgbpohxqp5-ac5l.googlevideo.com/videoplayback? -
HIER_DIRECT/62.252.232.19 text/plain

1433246591.977    120 195.154.200.58 TCP_MISS/403 353 HEAD
http://r8---sn-8pgbpohxqp5-ac5l.googlevideo.com/videoplayback? -
HIER_DIRECT/62.252.232.19 text/plain

1433246592.218    125 195.154.200.58 TCP_MISS/403 353 HEAD
http://r8---sn-8pgbpohxqp5-ac5l.googlevideo.com/videoplayback? -
HIER_DIRECT/62.252.232.19 text/plain

 

 

The question here is , can I know why squid on some youtube movies  give
error 403 and some videos it works ???

Can I fix the issue of ((TCP_MISS/403)) of those vides ?

 

Here is my squid.conf :

 

squid -v

Squid Cache: Version 3.5.2

Service Name: squid

configure options:  '--prefix=/usr' '--includedir=/include'
'--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc'
'--enable-cachemgr-hostname=Ahmad-Allzaeem' '--localstatedir=/var'
'--libexecdir=/lib/squid' '--disable-maintainer-mode'
'--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap'
'--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
'--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam
,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm'
'--enable-digest-auth-helpers=ldap,password'
'--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-esi'
'--disable-translation' '--with-logdir=/var/log/squid'
'--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=131072'
'--with-large-files' '--with-default-user=squid' '--enable-linux-netfilter'
'--enable-ltdl-convenience' '--enable-ssl' '--enable-ssl-crtd'
'--enable-arp-acl' 'CXXFLAGS=-DMAXTCPLISTENPORTS=20000' '--with-openssl'
'--enable-snmp' '--with-included-ltdl'

 

 

config :

root at box2:~# cat /etc/squid/squid.conf

cache_effective_user squid

cache_effective_group squid

#########################################

#dns_nameservers 8.8.8.8

#client_dst_passthru off

#host_verify_strict off

#range_offset_limit -1 

#quick_abort_min -1

#This is special work for best proxy worker "Ahmed M H Allzaeem"###

##https://www.elance.com/s/edit/noshutdown/######

########################################################################

# Lockdown Procedures

#auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user

#acl ncsa_users proxy_auth REQUIRED

#http_access allow ncsa_users

############################

####################################

#

# Recommended minimum configuration:

#

 

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network

acl localnet src 172.16.0.0/12  # RFC1918 possible internal network

acl localnet src xxxxxx/xxxx possible internal network

acl localnet src fc00::/7       # RFC 4193 local private network range

acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged)
machines

 

acl SSL_ports port 443

acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443         # https

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

 

#

# Recommended minimum Access Permission configuration:

#

# Deny requests to certain unsafe ports

http_access deny !Safe_ports

 

# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

 

# Only allow cachemgr access from localhost

http_access allow localhost manager

http_access deny manager

 

# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost

 

#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#

 

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost

 

# And finally deny all other access to this proxy

http_access deny all

 

# Squid normally listens to port 3128

#http_port 3128

######################################

################################################

# Uncomment and adjust the following to add a disk cache directory.

#cache_dir ufs /var/cache/squid 100 16 256

 

# Leave coredumps in the first cache dir

coredump_dir /var/cache/squid

 

#

# Add any of your own refresh_pattern entries above these.

#

refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

refresh_pattern .               0       20%     4320

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150604/332b46b4/attachment-0001.html>

More information about the squid-users mailing list