[squid-users] TCP_MISS/419

Amos Jeffries squid3 at treenet.co.nz
Tue Dec 6 14:22:19 UTC 2016


On 7/12/2016 12:01 a.m., Ricardo Pardim Claus wrote:
> Dear Amos, 
> Thanks for the initial contact. 
> 
> Now I'm getting an error message. 
> I placed the domain in the allowed domain list. I still get the access denied message. 
> Can you tell me why I'm getting this status code "TCP_MISS / 403", which actually refers to "Forbidden"?
> 

Because the client was forbidden to access those URLs at that time, in
that way, with the information in the request sent.


> In "Squid Version 3.5.19", I have Squidguard running as well. In the logs I do not see anything that references the site in question. 
> In Version 2.6.STABLE22, I have the Dansguardian running.


So you have a modern proxy with an obsolete traffic filtering plugin,
being compared with an obsolete Squid version chained end-to-end with an
unspecified version of another proxy software product.

What is the point?


> 
> The following are performed only in Squid Version 3.5.19:
> 
> 1481019362.202      5 172.16.16.158 TCP_MISS/403 2836 GET http://www3.centauroseg.com.br/centauroonline/ - HIER_DIRECT/172.16.16.7 text/html 
> 1481019362.221      4 172.16.16.158 TCP_MISS/403 2828 GET http://www3.centauroseg.com.br/favicon.ico - HIER_DIRECT/172.16.16.7 text/html 


The "MISS" part and the HIER_DIRECT means almost certainly the response
was generated by the server. Though you could have configured that not
to be true.

Lacking any info about your software config (both Squid and everything
else plugged into it [squidguard]) that is the best anyone can say right
now.

The tool at redbot.org tells me there are 200 and 404 responses coming
out of the server now for those URLs.


> 
> Squid Cache: Version 2.6.STABLE22 
> 
> 
> 1481020252.226      0 172.16.16.158 TCP_OFFLINE_HIT/200 1017 GET http://www3.centauroseg.com.br/centauroonline/servico/recurso/login?UsrNome=05011810438502&UsrSenha=Vm1wQmVGRXdNVlZWV0djOQ== - NONE/- application/json 
> Dec  6 08:30:52 srv05 squid[17957]: 1481020252.226      0 172.16.16.158 TCP_OFFLINE_HIT/200 1017 GET http://www3.centauroseg.com.br/centauroonline/servico/recurso/login?UsrNome=05011810438502&UsrSenha=Vm1wQmVGRXdNVlZWV0djOQ== - NONE/- application/json 
> 1481020252.253     16 172.16.16.158 TCP_OFFLINE_HIT/200 768 GET http://www3.centauroseg.com.br/centauroonline/servico/recurso/relacao/permissoes?wUsrCodigo=113 - NONE/- application/json 
> Dec  6 08:30:52 srv05 squid[17957]: 1481020252.253     16 172.16.16.158 TCP_OFFLINE_HIT/200 768 GET http://www3.centauroseg.com.br/centauroonline/servico/recurso/relacao/permissoes?wUsrCodigo=113 - NONE/- application/json 
> 1481020252.274     20 172.16.16.158 TCP_OFFLINE_HIT/200 612 GET http://www3.centauroseg.com.br/centauroonline/servico/recurso/relacao/nomeUsuarioLogado?TabelaMaster=CADCOMISSIONADOS&CodigoUsuario=45 - NONE/- application/json 
> Dec  6 08:30:52 srv05 squid[17957]: 1481020252.274     20 172.16.16.158 TCP_OFFLINE_HIT/200 612 GET http://www3.centauroseg.com.br/centauroonline/servico/recurso/relacao/nomeUsuarioLogado?TabelaMaster=CADCOMISSIONADOS&CodigoUsuario=45 - NONE/- application/json 
> 1481020252.350     19 172.16.16.158 TCP_IMS_HIT/304 351 GET http://www3.centauroseg.com.br/centauroonline/images/linhaAcesso.png - NONE/- image/png 
> Dec  6 08:30:52 srv05 squid[17957]: 1481020252.350     19 172.16.16.158 TCP_IMS_HIT/304 351 GET http://www3.centauroseg.com.br/centauroonline/images/linhaAcesso.png - NONE/- image/png 
> 1481020252.357      6 172.16.16.158 TCP_IMS_HIT/304 352 GET http://www3.centauroseg.com.br/centauroonline/images/acessoCorretor.jpg - NONE/- image/jpeg 
> Dec  6 08:30:52 srv05 squid[17957]: 1481020252.357      6 172.16.16.158 TCP_IMS_HIT/304 352 GET http://www3.centauroseg.com.br/centauroonline/images/acessoCorretor.jpg - NONE/- image/jpeg 
> 1481020252.377     19 172.16.16.158 TCP_IMS_HIT/304 363 GET http://www3.centauroseg.com.br/centauroonline/fonts/Gotham/GothamBlack.woff - NONE/- application/font-woff 
> Dec  6 08:30:52 srv05 squid[17957]: 1481020252.377     19 172.16.16.158 TCP_IMS_HIT/304 363 GET http://www3.centauroseg.com.br/centauroonline/fonts/Gotham/GothamBlack.woff - NONE/- application/font-woff 
> 

Which of those lines is accessing the favicon.ico file ...

Consider:
"
Grass in springtime is green if you go outside and look at it, but the
sky when looked at through a window is blue.

Do you believe there must be some problem with the window not making the
sky the same color as grass? just because the window exists?
"

The log lines you are posting are all about different things, with no
overlap. Like sky compared to grass - they are simply different things
going on.


The proxy access.log is simply a statement of what happened. It does not
tell anyone the *why*. And nobody can do better than guesswork given
only log entries.


> 
> See the logs when the failure occurs (when accessing the resource within the site, I'm redirected to the login page). 

4xx do not necessarily mean failure. They mean that the server needs the
client to send something different to get the resource at the URL being
requested. The value of the 4xx code and other details in the reply
indicate what needs to change (or may not).
 What you are calling a "redirect" seems to be in fact the payload of
the 419 message.

What you see in the logs appears to be how the website is designed to
operate. *Especially* since there are custom codes involved. The site
server is intentionally sending them. Both the 4xx code and the action
that happens because of that response are being forced by the server.



Squid-2.x is HTTP/1.0 software. It follows the RFC 1945 protocol. 2.6
follows some features of RFC 2616, but mostly not.

Squid-3.x is HTTP/1.1 software. It follows most of RFC 2616 and a few
bits of the new RFC 723x specifications.

Some things in the proxy behaviour are the same. But when the client and
server are both HTTP/1.1 as well the behaviour of 3.x can be very
different to Squid-2.x.


Amos
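
An added example, not part of the original message: a small parser for the native access.log lines quoted above that applies the reading given in the reply (a MISS forwarded via HIER_DIRECT was most likely answered by the upstream server, while NONE/- means nothing upstream was contacted). The function names and the third sample line are constructed for illustration; the result is a heuristic, since the log records what happened and not why.

```python
import re

# Squid native access.log layout:
#   time elapsed client result/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)"
)

def parse(line):
    """Parse one entry; search() skips a syslog prefix if there is one."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def likely_source(rec):
    """Heuristic only: the log says what happened, not why."""
    if rec["hier"] in ("NONE", "HIER_NONE"):  # 2.x and 3.x spellings
        # Nothing upstream was contacted: cache hit or Squid-generated reply
        # (a denial by Squid's own ACLs is logged as TCP_DENIED).
        return "proxy"
    if "MISS" in rec["result"]:
        # Forwarded request: the status most likely came from the peer.
        return "upstream"
    return "unknown"

def triage(lines):
    """Return (status, result, source, peer) for every parsable line."""
    recs = (parse(ln) for ln in lines)
    return [(r["status"], r["result"], likely_source(r), r["peer"])
            for r in recs if r]

SAMPLE = [
    # Two lines taken from the thread above
    "1481019362.221      4 172.16.16.158 TCP_MISS/403 2828 GET http://www3.centauroseg.com.br/favicon.ico - HIER_DIRECT/172.16.16.7 text/html",
    "Dec  6 08:30:52 srv05 squid[17957]: 1481020252.350     19 172.16.16.158 TCP_IMS_HIT/304 351 GET http://www3.centauroseg.com.br/centauroonline/images/linhaAcesso.png - NONE/- image/png",
    # Constructed line: what a block by Squid's own http_access rules looks like
    "1481019400.000      0 192.0.2.10 TCP_DENIED/403 3900 GET http://blocked.example/ - HIER_NONE/- text/html",
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

The peer column shows which host Squid actually contacted, so a 403 attributed to "upstream" should be investigated on that host (or whatever sits at that address) rather than in the Squid ACLs.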


