[squid-users] Establishing secure conection problems (Chrome)

Eliezer Croitoru eliezer at ngtech.co.il
Thu Jun 2 14:49:17 UTC 2016 

Hey William,

 

It's not clear what connection from the logs you are talking about since I do not see any logs about a CONNECT request.

It might be because a CONNECT is being shown in the logs after the connection is ended.

To verify the issue I would to verify what squid does and if a cli command like wget or curl from the squid box are doing the same.

There are debug logs levels that can help but try to add "dns_v4_first on" into the squid.conf, reload\restart and try again to see how squid works.

I am almost sure that the connection issue is related to some kind of network layer, you can try to see what happens when you try to access:
https://www.ngtech.co.il/

 

After we will clear this issue out there are other things which you might need to change\add in your squid.conf.

 

Eliezer

 

----

 <http://ngtech.co.il/lmgtfy/> Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il



 

From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of William Ivanski
Sent: Thursday, June 2, 2016 4:36 PM
To: William Ivanski
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Establishing secure conection problems (Chrome)

 

-> Access.log (the host 192.168.0.52 belongs to acl reqliberacaofixo):
1464870540.039    495 192.168.0.52 TCP_MISS/301 675 GET  <http://www.hotmail.com/> http://www.hotmail.com/ - HIER_DIRECT/ <http://65.55.65.188> 65.55.65.188 text/html
1464870550.793  10206 192.168.0.52 TCP_MISS_ABORTED/000 0 POST  <http://s2.symcb.com/> http://s2.symcb.com/ - HIER_DIRECT/2600:1419:8:18f::201a -
1464870554.259   2241 192.168.0.52 TCP_MISS_ABORTED/000 0 POST  <http://sr.symcd.com/> http://sr.symcd.com/ - HIER_DIRECT/2600:1419:8:18f::201a -
1464870626.286 121662 192.168.0.52 TCP_MISS/200 2192 GET  <http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEH7hSm9v7%2FLTfz%2BtZU062rQ%3D> http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEH7hSm9v7%2FLTfz%2BtZU062rQ%3D - HIER_DIRECT/ <http://23.4.43.27> 23.4.43.27 application/ocsp-response
1464870746.296 119912 192.168.0.52 TCP_MISS/200 2192 GET  <http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D> http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D - HIER_DIRECT/ <http://23.4.43.27> 23.4.43.27 application/ocsp-response
1464870866.307 120000 192.168.0.52 TCP_MISS/200 2155 GET  <http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEExA26X5iPrlelfWRXSV%2BYs%3D> http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEExA26X5iPrlelfWRXSV%2BYs%3D - HIER_DIRECT/ <http://23.4.43.27> 23.4.43.27 application/ocsp-response
1464870866.467    149 192.168.0.52 TCP_MISS/304 331 GET  <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab - HIER_DIRECT/2804:a8:c800:301::bd56:7a18 application/octet-stream
1464870986.300 119824 192.168.0.52 TCP_MISS/200 654 GET  <http://crl.geotrust.com/crls/secureca.crl> http://crl.geotrust.com/crls/secureca.crl - HIER_DIRECT/ <http://23.4.37.163> 23.4.37.163 application/pkix-crl
1464871457.106    312 192.168.0.52 TCP_MISS/301 419 GET  <http://support.microsoft.com/> http://support.microsoft.com/ - HIER_DIRECT/ <http://172.224.183.89> 172.224.183.89 -
1464871477.134     45 192.168.0.52 TCP_MISS/301 340 GET  <http://www.itau.com.br/> http://www.itau.com.br/ - HIER_DIRECT/ <http://23.10.60.73> 23.10.60.73 -
1464871487.149     41 192.168.0.52 TCP_MISS/204 184 GET  <http://www.gstatic.com/generate_204> http://www.gstatic.com/generate_204 - HIER_DIRECT/2800:3f0:4001:800::2003 -
1464871490.334    338 192.168.0.52 TCP_MISS/302 685 GET  <http://c1.microsoft.com/c.gif> http://c1.microsoft.com/c.gif? - HIER_DIRECT/ <http://131.253.40.50> 131.253.40.50 -
1464871490.841    501 192.168.0.52 TCP_MISS/302 935 GET  <http://c.bing.com/c.gif> http://c.bing.com/c.gif? - HIER_DIRECT/ <http://65.52.108.11> 65.52.108.11 -
1464871491.004    159 192.168.0.52 TCP_MISS/200 885 GET  <http://c1.microsoft.com/c.gif> http://c1.microsoft.com/c.gif? - HIER_DIRECT/ <http://131.253.40.50> 131.253.40.50 image/gif
1464871507.401  60167 192.168.0.52 TCP_MISS_ABORTED/000 0 GET  <http://sr.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0JBRnBp%2F14Jg%2FXj4aa6BlKlQVdQQUAVmr5906C1mmZGPWzyAHV9WR52oCEGU3b%2BNLNLmDFl%2F0STiGxMc%3D> http://sr.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0JBRnBp%2F14Jg%2FXj4aa6BlKlQVdQQUAVmr5906C1mmZGPWzyAHV9WR52oCEGU3b%2BNLNLmDFl%2F0STiGxMc%3D - HIER_DIRECT/2600:1419:8:191::201a -
1464871517.401  59969 192.168.0.52 TCP_MISS_ABORTED/000 0 GET  <http://sr.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0JBRnBp%2F14Jg%2FXj4aa6BlKlQVdQQUAVmr5906C1mmZGPWzyAHV9WR52oCEG%2F6tqKxfdmg4KPDzqvBuK8%3D> http://sr.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0JBRnBp%2F14Jg%2FXj4aa6BlKlQVdQQUAVmr5906C1mmZGPWzyAHV9WR52oCEG%2F6tqKxfdmg4KPDzqvBuK8%3D - HIER_DIRECT/2600:1419:8:191::201a -
1464871522.402  60173 192.168.0.52 TCP_MISS_ABORTED/000 0 GET  <http://sr.symcb.com/sr.crl> http://sr.symcb.com/sr.crl - HIER_DIRECT/2600:1419:8:181::1abd -
1464871532.402  59968 192.168.0.52 TCP_MISS_ABORTED/000 0 GET  <http://sr.symcb.com/sr.crl> http://sr.symcb.com/sr.crl - HIER_DIRECT/2600:1419:8:181::1abd -
1464871676.152    839 192.168.0.52 TCP_MISS/301 675 GET  <http://www.hotmail.com/> http://www.hotmail.com/ - HIER_DIRECT/ <http://65.55.65.172> 65.55.65.172 text/html
1464871681.856   3654 192.168.0.52 TCP_MISS_ABORTED/000 0 GET  <http://sr.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0JBRnBp%2F14Jg%2FXj4aa6BlKlQVdQQUAVmr5906C1mmZGPWzyAHV9WR52oCEGU3b%2BNLNLmDFl%2F0STiGxMc%3D> http://sr.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0JBRnBp%2F14Jg%2FXj4aa6BlKlQVdQQUAVmr5906C1mmZGPWzyAHV9WR52oCEGU3b%2BNLNLmDFl%2F0STiGxMc%3D - HIER_DIRECT/2600:1419:8:191::201a -
1464871690.823     62 192.168.0.52 TCP_MISS/200 889 POST  <http://ocsp.digicert.com/> http://ocsp.digicert.com/ - HIER_DIRECT/ <http://192.16.58.8> 192.16.58.8 application/ocsp-response
1464871690.880     52 192.168.0.52 TCP_MISS/200 889 POST  <http://ocsp.digicert.com/> http://ocsp.digicert.com/ - HIER_DIRECT/ <http://192.16.58.8> 192.16.58.8 application/ocsp-response
1464871694.282    312 192.168.0.52 TCP_MISS/302 948 GET  <http://www.google.com.br/> http://www.google.com.br/ - HIER_DIRECT/2607:f8b0:4002:c0c::5e text/html
1464871694.785    180 192.168.0.52 TCP_MISS/200 847 POST  <http://clients1.google.com/ocsp> http://clients1.google.com/ocsp - HIER_DIRECT/2800:3f0:4001:801::200e application/ocsp-response
1464871704.519    186 192.168.0.52 TCP_MISS/200 847 POST  <http://clients1.google.com/ocsp> http://clients1.google.com/ocsp - HIER_DIRECT/2800:3f0:4001:801::200e application/ocsp-response
1464871705.113    173 192.168.0.52 TCP_MISS/200 847 POST  <http://clients1.google.com/ocsp> http://clients1.google.com/ocsp - HIER_DIRECT/2800:3f0:4001:801::200e application/ocsp-response
1464871705.485    183 192.168.0.52 TCP_MISS/200 847 POST  <http://clients1.google.com/ocsp> http://clients1.google.com/ocsp - HIER_DIRECT/2800:3f0:4001:801::200e application/ocsp-response
1464871705.748    179 192.168.0.52 TCP_MISS/200 847 POST  <http://clients1.google.com/ocsp> http://clients1.google.com/ocsp - HIER_DIRECT/2800:3f0:4001:801::200e application/ocsp-response
1464871707.725    177 192.168.0.52 TCP_MISS/200 847 POST  <http://clients1.google.com/ocsp> http://clients1.google.com/ocsp - HIER_DIRECT/2800:3f0:4001:801::200e application/ocsp-response
1464871708.014    188 192.168.0.52 TCP_MISS/200 847 POST  <http://clients1.google.com/ocsp> http://clients1.google.com/ocsp - HIER_DIRECT/2800:3f0:4001:801::200e application/ocsp-response
1464871708.768    186 192.168.0.52 TCP_MISS/200 847 POST  <http://clients1.google.com/ocsp> http://clients1.google.com/ocsp - HIER_DIRECT/2800:3f0:4001:801::200e application/ocsp-response
1464871744.573     50 192.168.0.52 TCP_MISS/200 889 POST  <http://ocsp.digicert.com/> http://ocsp.digicert.com/ - HIER_DIRECT/ <http://192.16.58.8> 192.16.58.8 application/ocsp-response
1464871746.272     39 192.168.0.52 TCP_MISS/200 1981 POST  <http://vassg142.ocsp.omniroot.com/> http://vassg142.ocsp.omniroot.com/ - HIER_DIRECT/ <http://189.86.122.11> 189.86.122.11 application/ocsp-response
1464871749.966   1145 192.168.0.52 TCP_MISS/200 341701 GET  <http://ciscobinary.openh264.org/openh264-win32-2706e36bf0a8b7c539c803ed877148c005ffca59.zip> http://ciscobinary.openh264.org/openh264-win32-2706e36bf0a8b7c539c803ed877148c005ffca59.zip - HIER_DIRECT/2600:1403:1::48f6:4070 application/zip
1464871763.636    145 192.168.0.52 TCP_MISS/302 945 HEAD  <http://redirector.gvt1.com/edgedl/release2/4q5bp49e5hqoxn6kx4mnsg1knc0d6zmfyb1zzrw2utmcns77n9nuq1wj8dutbcg1fvvzulfi9uks07x9zue8525igkbwdt9k1k5/51.0.2704.79_chrome_installer_win64.exe> http://redirector.gvt1.com/edgedl/release2/4q5bp49e5hqoxn6kx4mnsg1knc0d6zmfyb1zzrw2utmcns77n9nuq1wj8dutbcg1fvvzulfi9uks07x9zue8525igkbwdt9k1k5/51.0.2704.79_chrome_installer_win64.exe - HIER_DIRECT/2800:3f0:4001:800::200e text/html
1464871763.698     60 192.168.0.52 TCP_MISS/200 429 HEAD  <http://r2---sn-xhcg5uxa-jfcl.gvt1.com/edgedl/release2/4q5bp49e5hqoxn6kx4mnsg1knc0d6zmfyb1zzrw2utmcns77n9nuq1wj8dutbcg1fvvzulfi9uks07x9zue8525igkbwdt9k1k5/51.0.2704.79_chrome_installer_win64.exe> http://r2---sn-xhcg5uxa-jfcl.gvt1.com/edgedl/release2/4q5bp49e5hqoxn6kx4mnsg1knc0d6zmfyb1zzrw2utmcns77n9nuq1wj8dutbcg1fvvzulfi9uks07x9zue8525igkbwdt9k1k5/51.0.2704.79_chrome_installer_win64.exe? - HIER_DIRECT/2804:a8:c800:200::d application/octet-stream
1464871768.281   4550 192.168.0.52 TCP_MISS/200 52687693 GET  <http://r2---sn-xhcg5uxa-jfcl.gvt1.com/edgedl/release2/4q5bp49e5hqoxn6kx4mnsg1knc0d6zmfyb1zzrw2utmcns77n9nuq1wj8dutbcg1fvvzulfi9uks07x9zue8525igkbwdt9k1k5/51.0.2704.79_chrome_installer_win64.exe> http://r2---sn-xhcg5uxa-jfcl.gvt1.com/edgedl/release2/4q5bp49e5hqoxn6kx4mnsg1knc0d6zmfyb1zzrw2utmcns77n9nuq1wj8dutbcg1fvvzulfi9uks07x9zue8525igkbwdt9k1k5/51.0.2704.79_chrome_installer_win64.exe? - HIER_DIRECT/2804:a8:c800:200::d application/octet-stream
1464871797.113     82 192.168.0.52 TCP_MISS/302 1663 GET  <http://redirector.gvt1.com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP2Rb7215C34RRoAOYw9FMifYIKbQ8NQ4eJck316jhcVHOPhJi112xRZ24oxSFePD-fslt2YdyTrBxWUtp4L7gbUAMZSmuXeGbE9p5N8uch3Sy5nHol_Tjr_7w/extension_1_0_0_0.crx> http://redirector.gvt1.com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP2Rb7215C34RRoAOYw9FMifYIKbQ8NQ4eJck316jhcVHOPhJi112xRZ24oxSFePD-fslt2YdyTrBxWUtp4L7gbUAMZSmuXeGbE9p5N8uch3Sy5nHol_Tjr_7w/extension_1_0_0_0.crx - HIER_DIRECT/2800:3f0:4001:800::200e text/html
1464871797.249     92 192.168.0.52 TCP_MISS/200 185264 GET  <http://r1---sn-xhcg5uxa-jfce.gvt1.com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP2Rb7215C34RRoAOYw9FMifYIKbQ8NQ4eJck316jhcVHOPhJi112xRZ24oxSFePD-fslt2YdyTrBxWUtp4L7gbUAMZSmuXeGbE9p5N8uch3Sy5nHol_Tjr_7w/extension_1_0_0_0.crx> http://r1---sn-xhcg5uxa-jfce.gvt1.com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP2Rb7215C34RRoAOYw9FMifYIKbQ8NQ4eJck316jhcVHOPhJi112xRZ24oxSFePD-fslt2YdyTrBxWUtp4L7gbUAMZSmuXeGbE9p5N8uch3Sy5nHol_Tjr_7w/extension_1_0_0_0.crx? - HIER_DIRECT/2804:a8:c800:100::c application/x-chrome-extension
1464871799.230    108 192.168.0.52 TCP_MISS/302 662 GET  <http://tools.google.com/chrome/intl/pt-BR/welcome.html> http://tools.google.com/chrome/intl/pt-BR/welcome.html - HIER_DIRECT/2800:3f0:4004:805::200e text/html
1464871861.524    335 192.168.0.52 TCP_MISS/301 675 GET  <http://www.hotmail.com/> http://www.hotmail.com/ - HIER_DIRECT/ <http://65.55.65.172> 65.55.65.172 text/html
1464871872.190    299 192.168.0.52 TCP_MISS/301 419 GET  <http://support.microsoft.com/> http://support.microsoft.com/ - HIER_DIRECT/ <http://172.224.183.89> 172.224.183.89 -
1464871893.795   1211 192.168.0.52 TCP_MISS/301 344 GET  <http://itau.com.br/> http://itau.com.br/ - HIER_DIRECT/ <http://23.0.95.170> 23.0.95.170 -
1464871902.240     46 192.168.0.52 TCP_MISS/204 184 GET  <http://www.gstatic.com/generate_204> http://www.gstatic.com/generate_204 - HIER_DIRECT/2800:3f0:4001:803::2003 -
1464871906.833    334 192.168.0.52 TCP_MISS/302 685 GET  <http://c1.microsoft.com/c.gif> http://c1.microsoft.com/c.gif? - HIER_DIRECT/ <http://131.253.40.50> 131.253.40.50 -
1464871907.183    348




William Ivanski

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160602/e1a3a7a6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 11308 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160602/e1a3a7a6/attachment-0001.png>

More information about the squid-users mailing list