[squid-users] Transparent Squid issue with Appstore in MacOS Sierra

Hardik Dangar hardikdangar+squid at gmail.com
Wed Feb 8 11:08:53 UTC 2017


Here is my squid.conf: http://pastebin.com/raw/9BTcpVkL

Here is what the log looks like when I grep packets from Apple devices when
the App Store is opened.

1486551793.635    742 192.168.1.12 TAG_NONE/200 0 CONNECT 17.110.234.27:443 - ORIGINAL_DST/17.110.234.27 -
1486551796.343  30610 192.168.1.12 TAG_NONE/200 0 CONNECT 104.113.210.17:443 - HIER_NONE/- -
1486551796.343  30605 192.168.1.12 TCP_TUNNEL/200 30574 CONNECT init.itunes.apple.com:443 - ORIGINAL_DST/104.113.210.17 -
1486551799.097  30326 192.168.1.12 TAG_NONE/200 0 CONNECT 104.113.210.17:443 - HIER_NONE/- -
1486551799.097  30324 192.168.1.12 TCP_TUNNEL/200 30584 CONNECT init.itunes.apple.com:443 - ORIGINAL_DST/104.113.210.17 -
1486551799.502    726 192.168.1.12 TAG_NONE/200 0 CONNECT 17.110.234.27:443 - ORIGINAL_DST/17.110.234.27 -
2017/02/08 16:33:19 kid1| SECURITY ALERT: Host header forgery detected on local=17.173.66.101:443 remote=192.168.1.12:53158 FD 477 flags=33 (local IP does not match any domain IP)
1486551805.013  59549 192.168.1.12 TAG_NONE/200 0 CONNECT 17.110.234.27:443 - ORIGINAL_DST/17.110.234.27 -
2017/02/08 16:33:33 kid1| SECURITY ALERT: Host header forgery detected on local=104.113.210.17:443 remote=192.168.1.12:53159 FD 659 flags=33 (local IP does not match any domain IP)
1486551826.441  57130 192.168.1.12 TAG_NONE/200 0 CONNECT 17.173.66.96:443 - HIER_NONE/- -
1486551826.441  57052 192.168.1.12 TCP_TUNNEL/200 6671 CONNECT pd-st.itunes.apple.com:443 - ORIGINAL_DST/17.173.66.96 -
1486551852.061    211 192.168.1.12 TAG_NONE/200 0 CONNECT 104.113.210.11:443 - ORIGINAL_DST/104.113.210.11 -
1486551852.434    216 192.168.1.12 TCP_MISS/200 7010 GET https://configuration.apple.com/configurations/internetservices/cloudkit/cloudkit-1.0.plist - ORIGINAL_DST/104.113.210.11 text/xml
1486551881.425    234 192.168.1.12 TAG_NONE/200 0 CONNECT 17.252.172.5:443 - ORIGINAL_DST/17.252.172.5 -
1486551881.791    130 192.168.1.12 TCP_MISS_ABORTED/200 620 ACE https://guzzoni.apple.com/ace - ORIGINAL_DST/17.252.172.5 -
1486551882.684    207 192.168.1.12 TAG_NONE/200 0 CONNECT 17.252.172.5:443 - ORIGINAL_DST/17.252.172.5 -
1486551882.829    348 192.168.1.12 TCP_REFRESH_MODIFIED/200 415 HEAD http://www.apple.com/ - ORIGINAL_DST/104.113.211.46 text/html
1486551882.859     68 192.168.1.12 TCP_MISS/200 101 HEAD https://guzzoni.apple.com/salt - ORIGINAL_DST/17.252.172.5 -
1486551883.004    207 192.168.1.12 TAG_NONE/200 0 CONNECT 17.252.172.5:443 - ORIGINAL_DST/17.252.172.5 -
1486551883.083     67 192.168.1.12 TCP_MISS/406 133 HEAD https://guzzoni.apple.com/ace - ORIGINAL_DST/17.252.172.5 -
1486551884.123    202 192.168.1.12 TAG_NONE/200 0 CONNECT 17.252.172.5:443 - ORIGINAL_DST/17.252.172.5 -
1486551884.301     81 192.168.1.12 TCP_MISS_ABORTED/200 622 ACE https://guzzoni.apple.com/ace - ORIGINAL_DST/17.252.172.5 -
1486551886.908     43 192.168.1.12 TCP_REFRESH_MODIFIED/200 415 HEAD http://www.apple.com/ - ORIGINAL_DST/104.113.211.46 text/html
1486551887.085    207 192.168.1.12 TAG_NONE/200 0 CONNECT 17.252.172.5:443 - ORIGINAL_DST/17.252.172.5 -
1486551887.168     67 192.168.1.12 TCP_MISS/406 133 HEAD https://guzzoni.apple.com/ace - ORIGINAL_DST/17.252.172.5 -
1486551887.310    200 192.168.1.12 TAG_NONE/200 0 CONNECT 17.252.172.5:443 - ORIGINAL_DST/17.252.172.5 -
1486551887.416     68 192.168.1.12 TCP_MISS/200 101 HEAD https://guzzoni.apple.com/salt - ORIGINAL_DST/17.252.172.5 -


On Wed, Feb 8, 2017 at 12:35 AM, Hardik Dangar <hardikdangar+squid at gmail.com> wrote:

> Hello,
>
>
> Here is some information about my squid version,
>
> Squid Cache: Version 3.5.23
> Service Name: squid
> configure options:  '--prefix=/usr' '--localstatedir=/var/squid'
> '--libexecdir=/lib/squid' '--srcdir=.' '--datadir=/share/squid'
> '--sysconfdir=/etc/squid' '--with-default-user=proxy'
> '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid'
> '--with-openssl' '--enable-ssl-crtd' '--enable-inline'
> '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock'
> '--enable-removal-policies=lru,heap' '--enable-delay-pools'
> '--enable-follow-x-forwarded-for' '--enable-url-rewrite-helpers=fake'
> '--enable-ecap'
>
>
> We are running squid as a transparent proxy and have certs installed in all
> systems. Until recently all our systems were Ubuntu or Windows. Recently we
> added macOS Sierra, and the biggest issue we had with Mac is that even after
> installing certificates, a few apps have problems.
>
> Our biggest problem is the iTunes Store. It just doesn't work for some reason.
> If we check the log we get random IPs trying to connect via port 443 but
> it doesn't connect.
> Also Skype for Mac does not work. Strangely this works for Windows and
> Ubuntu in our network. Again we see the same behavior.
>
> Both of these apps do not work even on iPhone and iPad.
>
> I believe someone must be able to configure transparent squid with Mac.
> Can anyone tell me if I need to do anything extra for Mac setup?
>
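
Added example, not part of the original post and not Squid project code: a small Python triage script that re-joins the wrapped log records shown above and lists, for each "Host header forgery" alert, the host names that the access log recorded for the same destination IP. The function names are hypothetical; the sample records are copied from the post.

```python
import re
from collections import defaultdict

# Constructed sample: records copied from the post, e-mail line wrapping kept.
SAMPLE = """\
1486551796.343  30610 192.168.1.12 TAG_NONE/200 0 CONNECT 104.113.210.17:443
- HIER_NONE/- -
1486551796.343  30605 192.168.1.12 TCP_TUNNEL/200 30574 CONNECT
init.itunes.apple.com:443 - ORIGINAL_DST/104.113.210.17 -
2017/02/08 16:33:19 kid1| SECURITY ALERT: Host header forgery detected on
local=17.173.66.101:443 remote=192.168.1.12:53158 FD 477 flags=33 (local IP
does not match any domain IP)
2017/02/08 16:33:33 kid1| SECURITY ALERT: Host header forgery detected on
local=104.113.210.17:443 remote=192.168.1.12:53159 FD 659 flags=33 (local
IP does not match any domain IP)
"""

RECORD_START = re.compile(r"^(\d{10}\.\d{3}\s|\d{4}/\d{2}/\d{2} )")
ACCESS = re.compile(r"^\S+\s+\d+ (?P<client>\S+) \w+/\d+ \d+ \S+ (?P<url>\S+) \S+ "
                    r"\w+/(?P<dst>\S+) ")
ALERT = re.compile(r"Host header forgery detected on local=(?P<dst>[\d.]+):\d+ remote=(?P<client>[\d.]+):")

def join_wrapped(text):
    """Re-join records that a mail client wrapped across several lines."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def names_per_alert(text):
    """Return (client, destination IP, host names logged for that IP) per alert."""
    names, alerts = defaultdict(set), []
    for rec in join_wrapped(text):
        alert = ALERT.search(rec)
        m = ACCESS.match(rec)
        if alert:
            alerts.append((alert["client"], alert["dst"]))
        elif m and m["dst"] != "-":
            host = re.sub(r"^\w+://", "", m["url"]).split("/")[0].rsplit(":", 1)[0]
            if not re.fullmatch(r"[\d.]+", host):  # keep names, skip bare IPs
                names[m["dst"]].add(host)
    return [(c, d, sorted(names[d])) for c, d in alerts]

if __name__ == "__main__":
    print(names_per_alert(SAMPLE))
```

An alert with an empty name list means no access-log record in the input named a host for that destination IP.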