[squid-users] Site not Working through SQUID
Cristiano Nunes
clnunes at gmail.com
Tue Oct 6 18:32:03 UTC 2015
Hi Antony.
The URL is www..yasudamaritima.com.br, but according to the user, you have
to navigate and authenticate to the portion of the site which is supposed
to show the window, but the window is blank.
The squid.log captured during the user session is below:
1444152953.106 0 192.168.0.38 TCP_MISS/000 0 GET
http://www.yasuda.com.br/favicon.ico - DIRECT/www.yasuda.com.br -
1444152953.428 0 192.168.0.38 TCP_IMS_HIT/304 295 GET
http://seguros.yasudamaritima.com.br/hubfs/IMG_Posts/Extra-corretor.jpg -
NONE/- image/jpeg
1444152953.428 0 192.168.0.38 TCP_IMS_HIT/304 295 GET
http://seguros.yasudamaritima.com.br/hubfs/IMG_Posts/04-Corretor-ps_venda.jpg
- NONE/- image/jpeg
1444152953.429 0 192.168.0.38 TCP_IMS_HIT/304 295 GET
http://seguros.yasudamaritima.com.br/hubfs/IMG_Posts/post_corretor8.jpg -
NONE/- image/jpeg
1444152953.431 0 192.168.0.38 TCP_IMS_HIT/304 295 GET
http://seguros.yasudamaritima.com.br/hubfs/IMG_Posts/31-Segurado-RC_BAB.jpg
- NONE/- image/jpeg
1444152953.782 180 192.168.0.38 TCP_MISS/302 1012 GET
http://www.google-analytics.com/r/collect? - DIRECT/173.194.118.6 text/html
1444152954.023 0 192.168.0.38 TCP_IMS_HIT/304 301 GET
http://s7.addthis.com/layers.d3089ff8d4aa15672ac8.js - NONE/-
text/javascript
1444152954.034 0 192.168.0.38 TCP_IMS_HIT/304 301 GET
http://s7.addthis.com/hi-res-css.cfeefd4edd0cdaff82be.js - NONE/-
text/javascript
1444152954.082 0 192.168.0.38 TCP_IMS_HIT/304 311 GET
http://s7.addthis.com/sh.3aa0e79cb54fea3f63d7daa9.html - NONE/- text/html
1444152954.096 0 192.168.0.38 TCP_IMS_HIT/304 301 GET
http://s7.addthis.com/menu.ee745c37cc4914e21ca8.js - NONE/- text/javascript
1444152954.289 426 192.168.0.38 TCP_MISS/200 21476 GET
http://js.hs-analytics.net/analytics/1444153200000/503280.js - DIRECT/
184.28.143.227 text/javascript
1444152954.771 322 192.168.0.38 TCP_MISS/200 961 GET
http://m.addthis.com/live/red_lojson/300lo.json? - DIRECT/104.16.23.235
application/javascript
1444152955.317 324 192.168.0.38 TCP_MISS/200 412 GET
http://track.hubspot.com/__ptq.gif? - DIRECT/54.164.53.68 image/gif
1444152959.736 10073 192.168.0.38 TCP_MISS/200 228 CONNECT
www.gstatic.com:443 - DIRECT/173.194.118.23 -
1444152969.735 14738 192.168.0.38 TCP_MISS/200 4526 CONNECT
fbstatic-a.akamaihd.net:443 - DIRECT/201.6.6.163 -
1444152969.735 15418 192.168.0.38 TCP_MISS/200 3789 CONNECT
s-static.ak.facebook.com:443 - DIRECT/172.229.62.110 -
1444152969.736 15432 192.168.0.38 TCP_MISS/200 3789 CONNECT
s-static.ak.facebook.com:443 - DIRECT/172.229.62.110 -
1444152969.736 14716 192.168.0.38 TCP_MISS/200 262 CONNECT
www.facebook.com:443 - DIRECT/31.13.85.8 -
1444152969.998 146 192.168.0.38 TCP_MISS/200 3010 POST
http://syasweb.yasuda.com.br:9080/SyasWeb/Auto/LoadUsuario.aspx - DIRECT/
201.85.62.34 text/html
1444152970.071 17 192.168.0.38 TCP_MISS/200 366 GET
http://syasweb.yasuda.com.br:9080/SyasWeb/Auto/dynaTraceMonitor? - DIRECT/
201.85.62.34 text/plain
1444152970.116 53 192.168.0.38 TCP_MISS/302 943 GET
http://syasweb.yasuda.com.br:9080/SyasWeb/Auto/WebForms/default.aspx? -
DIRECT/201.85.62.34 text/html
1444152977.019 10383 192.168.0.38 TCP_MISS/200 103653 CONNECT
portalweb.yasudamaritima.com.br:443 - DIRECT/201.85.63.40 -
1444152977.030 10382 192.168.0.38 TCP_MISS/200 2265 CONNECT
portalweb.yasudamaritima.com.br:443 - DIRECT/201.85.63.40 -
1444152977.049 10412 192.168.0.38 TCP_MISS/200 798 CONNECT
portalweb.yasudamaritima.com.br:443 - DIRECT/201.85.63.40 -
1444152979.735 13068 192.168.0.38 TCP_MISS/200 137 CONNECT
portalweb.yasudamaritima.com.br:443 - DIRECT/201.85.63.40 -
1444152979.759 16391 192.168.0.38 TCP_MISS/200 151066 CONNECT
portalweb.yasudamaritima.com.br:443 - DIRECT/201.85.63.40 -
1444153020.403 65399 192.168.0.38 TCP_MISS/200 17889 CONNECT
www.facebook.com:443 - DIRECT/31.13.85.8 -
1444153078.755 115395 192.168.0.38 TCP_MISS/200 3678 CONNECT
www.linkedin.com:443 - DIRECT/108.174.12.129 -
1444153079.087 142525 192.168.0.38 TCP_MISS/200 64000 CONNECT
www.google.com.br:443 - DIRECT/173.194.118.23 -
1444153079.087 129438 192.168.0.38 TCP_MISS/200 7529 CONNECT
www.gstatic.com:443 - DIRECT/173.194.118.23 -
1444153079.087 125913 192.168.0.38 TCP_MISS/200 807 CONNECT
apis.google.com:443 - DIRECT/173.194.118.2 -
1444153079.087 125915 192.168.0.38 TCP_MISS/200 618 CONNECT
s7.addthis.com:443 - DIRECT/104.16.27.35 -
1444153079.087 125453 192.168.0.38 TCP_MISS/200 50115 CONNECT
platform.linkedin.com:443 - DIRECT/184.86.193.85 -
1444153079.087 125421 192.168.0.38 TCP_MISS/200 445 CONNECT
connect.facebook.net:443 - DIRECT/172.230.53.221 -
1444153079.087 124998 192.168.0.38 TCP_MISS/200 624 CONNECT
stats.g.doubleclick.net:443 - DIRECT/64.233.190.154 -
1444153079.088 108930 192.168.0.38 TCP_MISS/200 35399 GET
http://syasweb.yasuda.com.br:9080/SyasWeb/Auto/WebForms/ConsultaCalculo.aspx
- DIRECT/201.85.62.34 text/html
1444153079.088 124444 192.168.0.38 TCP_MISS/200 1010 CONNECT
syndication.twitter.com:443 - DIRECT/199.16.158.49 -
And here is my squid.conf.
[root at fw squid]# grep -v "^$" /etc/squid/squid.conf
http_port 192.168.0.254:3128
visible_hostname fw.akium.com.br
cache_mem 64 MB
cache_dir ufs /cache 5000 24 24
cache_swap_low 90
cache_swap_high 95
maximum_object_size 1 MB
maximum_object_size_in_memory 64 KB
minimum_object_size 1 KB
acl QUERY urlpath_regex cgi-bin \?
acl GOVDOMAIN dstdomain .gov.br
cache deny GOVDOMAIN
cache deny QUERY
#logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
error_directory /etc/squid/errors
#acl all src 0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl rede_local src 192.168.0.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl servidor src 192.168.0.254
acl downloads_mime rep_mime_type -i "/etc/squid/regras/mime_download"
acl block_words_ulrs url_regex -i "/etc/squid/regras/blocked_word_url"
acl block_msn_client req_mime_type ^application/x-msn-messenger
acl unblock_sites url_regex -i "/etc/squid/regras/unblocked_sites"
acl unblock_download_sites url_regex -i
"/etc/squid/regras/unblocked_download_sites"
acl unblock_selected_sites url_regex -i
"/etc/squid/regras/unblocked_selected_sites"
acl google_talk url_regex -i "/etc/squid/regras/block_google_talk"
acl imessengers url_regex -i "/etc/squid/regras/block_imessengers"
acl liberados_selected src "/etc/squid/regras/maquinas_selected"
acl liberados src "/etc/squid/regras/maquinas_liberadas"
acl interno dstdomain akium.com.br
acl SSL_ports port 443 563 9043 448
acl Safe_ports port 80 # http
acl Safe_ports port 81 86 # Apache - Dansguardian error page
acl Safe_ports port 99
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 1015 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1011 # Sincor
acl Safe_ports port 9043 # AdmSeg
acl Safe_ports port 448 # AdmSeg
acl CONNECT method CONNECT
http_access deny google_talk
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#always_direct allow interno
http_access allow localhost
http_access allow servidor
http_access allow unblock_sites
http_access allow unblock_selected_sites liberados_selected
http_access allow liberados
http_access deny imessengers
deny_info http://192.168.0.254/im.html imessengers
http_access deny block_words_ulrs
deny_info http://192.168.0.254/words.html block_words_ulrs
http_access allow rede_local
http_access deny all
http_reply_access allow liberados
http_reply_access allow unblock_download_sites
http_reply_access deny downloads_mime
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid
[root at fw squid]#
Appreciate your help!
Att.
Cristiano Nunes
2015-10-06 13:30 GMT-03:00 Antony Stone <Antony.Stone at squid.open.source.it>:
> On Tuesday 06 October 2015 at 17:40:11, Cristiano Nunes wrote:
>
> > I have a Squid Version 3.9.Stable13 which is working perfect.
> >
> > Today I received a complanint of a users which is not able to browse a
> > brazilian site.
> >
> > Squid log shows no DENY at all but the site only shows a white screen
> with
> > no errors.
> >
> > I thought this was a site bug. So I set up a NAT to the user and for my
> > surprise the site worked flawless.
> >
> > The site seems to user ports http(80) / https(443) and http(9080) all
> > theses are not blocked by Squid.
> >
> > What could be the cause to this site not work through Squid.
>
> That's a bit hard for us to tell without knowing:
>
> - the site the user was trying to access (so we can see what sort of HTML
> it
> returns, or try it on our own Squid setups, for example)
>
> - your Squid configuration (so we can see why the access ought to have
> worked)
>
> - what showed up in the Squid log file when the user tried to access the
> site
> (so we can see what Squid was asked to do, what it did, and what the result
> was).
>
>
> I suggest you:
>
> - tell us the URL
>
> - post your squid.conf without blank lines or comments (obscuring any
> sensitive data, if present)
>
> - post the Squid access log for the session (removing detail from any
> other
> sessions so long as you're sure they are unrelated).
>
>
> That may give us some useful information to work on.
>
>
> Regards,
>
>
> Antony.
>
> --
> You can tell that the day just isn't going right when you find yourself
> using
> the telephone before the toilet.
>
> Please reply to the
> list;
> please *don't* CC
> me.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151006/2b931e98/attachment-0001.html>
More information about the squid-users
mailing list