[squid-users] squid ssl bump and Adobe Connect

Vieri rentorbuy at yahoo.com
Mon Jun 5 12:49:25 UTC 2017


Hi,


I'm reposting this message because my previous email was too big.


I'm unable to connect to Adobe Connect through Squid TPROXY.

The URL is:

https://emeacmsd.acms.com/common/help/en/support/meeting_test.htm

# grep -v ^# squid.test.conf | grep -v ^$
http_access allow localhost manager
http_access deny manager
http_port 3227
http_port 3228 tproxy
https_port 3229 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/ssl/squid/proxyserver.pem
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl interceptedhttp myportname 3228
acl interceptedhttps myportname 3229
http_access deny interceptedhttp !localnet
http_access deny interceptedhttps !localnet
sslcrtd_program /usr/libexec/squid/ssl_crtd -s /var/lib/squid/ssl_db_test -M 16MB
sslcrtd_children 10
reply_header_access Alternate-Protocol deny all
ssl_bump stare all
ssl_bump bump all
cache_dir diskd /var/cache/squid.test 100 16 256
http_access allow localnet
http_access allow localhost
http_access deny all
coredump_dir /var/cache/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
pid_filename /run/squid.test.pid
access_log daemon:/var/log/squid/access.test.log squid
cache_log /var/log/squid/cache.test.log
debug_options rotate=1 ALL,5

# cat /var/log/squid/access.test.log

1496665078.340    223 10.215.145.187 TAG_NONE/200 0 CONNECT 216.58.201.142:443 - ORIGINAL_DST/216.58.201.142 -
1496665079.387   1003 10.215.145.187 TCP_MISS/200 4623 POST https://safebrowsing.google.com/safebrowsing/downloads? - ORIGINAL_DST/216.58.201.142 application/vnd.google.safebrowsing-update
1496665080.000    541 10.215.145.187 TAG_NONE/200 0 CONNECT 216.58.211.238:443 - ORIGINAL_DST/216.58.211.238 -
1496665080.129     85 10.215.145.187 TCP_MISS/200 550 GET https://safebrowsing-cache.google.com/safebrowsing/rd/ChVnb29nLWJhZGJpbnVybC1zaGF2YXI4AEACSgwIABCD9QcYg_UHIAE - ORIGINAL_DST/216.58.211.238 application/vnd.google.safebrowsing-chunk
1496665080.241    107 10.215.145.187 TCP_MISS/200 3069 GET https://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyOABAAkoMCAEQy4YQGMuGECABSgwIARC3hhAYt4YQIAFKDAgBEKOFEBijhRAgAUoMCAEQ2IMQGNiDECABSgwIARCEghAYhIIQIAFKDAgBEOv5Dxjr-Q8gAUoMCAEQ9ugPGPboDyABSgwIARDg6A8Y4OgPIAFKDAgBEI3cDxiN3A8gAUoMCAEQitsPGIrbDyABSgwIARD42g8Y-NoPIAFKDAgBEITaDxiF2g8gAUoMCAEQ9NYPGPTWDyABSgwIARCc1Q8YnNUPIAFKDAgBELHLDxixyw8gAUoMCAEQmMoPGJjKDyABSgwIARDLyQ8Yy8kPIAFKDAgBEN7EDxjexA8gAUoMCAEQyb4PGMm-DyABSgwIARCkug8YpLoPIAFKDAgBEIG5DxiBuQ8gAUoMCAEQ-bgPGPm4DyABSgwIARC1uA8YtbgPIAFKDAgBEIq3DxiKtw8gAUoMCAEQobYPGKG2DyABSgwIARCDtg8Yg7YPIAFKDAgBEJa1DxiWtQ8gAUoMCAEQ07QPGNO0DyABSgwIARDGsw8YxrMPIAFKDAgBENuyDxjbsg8gAUoMCAEQmrIPGJqyDyABSgwIARD5sQ8Y-bEPIAFKDAgBEOuxDxjrsQ8gAUoQCAAQltUPGJ3VDyABKgIBBg - ORIGINAL_DST/216.58.211.238 application/vnd.google.safebrowsing-chunk
1496665080.711    466 10.215.145.187 TCP_MISS/200 186018 GET https://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyOABAAkoMCAAQvqgQGL6oECABSiQIABCC2Q8YnNsPIAEqFsUBxgHkAegB9gH3AfgB-QH7Af0BgwI - ORIGINAL_DST/216.58.211.238 application/vnd.google.safebrowsing-chunk
1496665081.067    355 10.215.145.187 TCP_MISS/200 185194 GET https://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyOABAAkp_CAAQntUPGIHZDyABKnEICQoLDBIkLzxCUFJeX2BhZmhqbG5ydnx9mwGqAbEBtAG4AbsBwAHBAcIB6AHuAfAB9gH5AY4CwwLJAs0C3gLhAuIC5ALmAusC7QLuAvAC8QLyAv4C_wKEA4gDigOLA5IDmQOaA5sDpQOoA6kDqwOtAw - ORIGINAL_DST/216.58.211.238 application/vnd.google.safebrowsing-chunk
1496665081.263    193 10.215.145.187 TCP_MISS/200 36504 GET https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhcjgAQAJKDAgBEMrlExjK5RMgAUoMCAEQueMTGLnjEyABSgwIARCR4xMYkuMTIAFKDAgBEOHiExji4hMgAUoMCAEQz-ITGNLiEyABSgwIARDL4hMYzeITIAFKDAgBEP_hExiD4hMgAUoMCAEQ9-ETGP3hEyABSgwIARDk4RMY9OETIAFKDAgBEM7hExji4RMgAUoMCAEQit4TGIreEyABSgwIARDZ2hMY2doTIAFKDAgBELLZExiy2RMgAUoMCAEQ1NgTGNTYEyABSgwIARCy1RMYuNUTIAFKDAgBEMLUExjE1BMgAUoMCAEQjdQTGI3UEyABSgwIARC-0RMYvtETIAFKDAgBELzRExi80RMgAUoMCAEQstETGLPREyABSgwIARCo0RMYqNETIAFKDAgBEOjQExjo0BMgAUoMCAEQ5NATGOTQEyABSgwIARCd0BMYntATIAFKDAgBEObPExjmzxMgAUoMCAEQ288TGNvPEyABSgwIARDGzxMY0M8TIAFKDAgBELvPExjDzxMgAUoMCAEQqM8TGKjPEyABSgwIARCVzxMYlc8TIAFKDAgBEJHPExiRzxMgAUoMCAEQ684TGO7OEyABSgwIARDazhMY584TIAFKDAgBEM_OExjTzhMgAUoMCAEQns4TGJ7OEyABSgwIARDYzRMY2M0TIAFKDAgBELzNExi8zRMgAUoMCAEQ8MwTGPDMEyABSgwIARDtzBMY7cwTIAFKDAgBEOjMExjrzBMgAUoMCAEQ4cwTGOTMEyABSgwIARDfzBMY38wTIAFKDAgBENfMExjYzBMgAUoMCAEQ08wTGNPMEyABSgwIARDPzBMYz8wTIAFKDAgBEM3MExjNzBMgAUoMCAEQv8wTGL_MEyABSgwIARC9zBMYvcwTIAFKDAgBELvMExi7zBMgAUoMCAEQuMwTGLjMEyABSgwIARCyzBMYsswTIAFKDAgBEK3MExiuzBMgAUoMCAEQpswTGKbMEyABSgwIARCWzBMYlswTIAFKDAgBEIrMExiKzBMgAUoMCAEQ_8sTGP_LEyABSgwIARD6yxMY-ssTIAFKDAgBEPfLExj4yxMgAUoMCAEQ88sTGPPLEyABSgwIARDryxMY68sTIAFKDAgBEObLExjnyxMgAUoMCAEQ2csTGNnLEyABSgwIARDPyxMYz8sTIAFKDAgBEL3LExi9yxMgAUoMCAEQu8sTGLvLEyABSgwIARC2yxMYt8sTIAFKDAgBEKLLExiiyxMgAUoMCAEQoMsTGKDLEyABSgwIARCdyxMYncsTIAFKDAgBEJnLExiZyxMgAUoMCAEQjMsTGI3LEyABSgwIARCByxMYiMsTIAFKDAgBEPvKExj-yhMgAUoMCAEQ6soTGPnKEyABSgwIARDnyhMY58oTIAFKDAgBEOLKExjiyhMgAUoMCAEQ1soTGODKEyABSgwIARDOyhMYzsoTIAFKDAgBEMfKExjHyhMgAUoMCAEQxcoTGMXKEyABSgwIARC9yhMYvcoTIAFKDAgBELrKExi6yhMgAUoMCAEQsMoTGLHKEyABSgwIARCsyhMYrMoTIAFKDAgBEKrKExiqyhMgAUoMCAEQosoTGKLKEyABSgwIARCLyhMYi8oTIAFKDAgBEIDKExiAyhMgAUoMCAEQ-8kTGPzJEyABSgwIARD3yRMY-MkTIAFKDAgBEO3JExjyyRMgAUoMCAEQ6ckTGOnJEyABSgwIARDjyRMY48kTIAFKDAgBEN7JExjfyRMgAUoMCAEQ18kTGNjJEyABSgwIARDUyRMY1MkTIAFKDAgBENHJExjRyRMgAUoMCAEQzckTGM3JEyABSgwIARDGyRMYyMkTIAFKDAgBEMLJExjCyRMgAUoMCAEQvskTGL7JEyAB - ORIGINAL_DST/216.58.211.238 application/vnd.google.safebrowsing-chunk
1496665081.389    123 10.215.145.187 TCP_MISS/200 10706 GET https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhcjgAQAJKDAgBELnJExi5yRMgAUoMCAEQt8kTGLfJEyABSgwIARCzyRMYs8kTIAFKDAgBELHJExixyRMgAUoMCAEQr8kTGK_JEyABSgwIARCnyRMYp8kTIAFKDAgBEKTJExikyRMgAUoMCAEQmskTGKHJEyABSgwIARCYyRMYmMkTIAFKDAgBEJHJExiSyRMgAUoMCAEQjskTGI7JEyABSgwIARCGyRMYi8kTIAFKDAgBEITJExiEyRMgAUoMCAEQgskTGILJEyABSgwIARCAyRMYgMkTIAFKDAgBEOvIExjryBMgAUoMCAEQ5cgTGObIEyABSgwIARDgyBMY4MgTIAFKDAgBENHIExjRyBMgAUoMCAEQzsgTGM_IEyAB - ORIGINAL_DST/216.58.211.238 application/vnd.google.safebrowsing-chunk
1496665081.812    419 10.215.145.187 TCP_MISS/200 189122 GET https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhcjgAQAJKDAgAEIKqHRiCqh0gAUoMCAAQ1JsdGJ2dHSAB - ORIGINAL_DST/216.58.211.238 application/vnd.google.safebrowsing-chunk
1496665082.104    290 10.215.145.187 TCP_MISS/200 192024 GET https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhcjgAQAJKEAgAEJyaHRjTmx0gASoCrwE - ORIGINAL_DST/216.58.211.238 application/vnd.google.safebrowsing-chunk
1496665082.406    298 10.215.145.187 TCP_MISS/200 190496 GET https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhcjgAQAJKDAgAEM-YHRibmh0gAQ - ORIGINAL_DST/216.58.211.238 application/vnd.google.safebrowsing-chunk
1496665082.678    263 10.215.145.187 TCP_MISS/200 191042 GET https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhcjgAQAJKDAgAEN6WHRjOmB0gAQ - ORIGINAL_DST/216.58.211.238 application/vnd.google.safebrowsing-chunk
1496665085.543    124 10.215.145.187 TCP_MISS/200 7481 GET https://emeacmsd.acms.com/common/help/en/support/css/globalnav.css - ORIGINAL_DST/54.247.125.57 text/html
1496665085.717    292 10.215.145.187 TAG_NONE/200 0 CONNECT 46.137.190.100:443 - ORIGINAL_DST/46.137.190.100 -
1496665086.800    751 10.215.145.187 TCP_MISS/200 493387 GET https://emeacmsd.acms.com/common/intro/test.swf - ORIGINAL_DST/54.247.125.57 application/x-shockwave-flash
1496665087.217    114 10.215.145.187 TCP_MISS/200 1433 GET https://emeacmsd.acms.com/common/AddInInfo.xml - ORIGINAL_DST/54.247.125.57 application/xml
1496665087.404    113 10.215.145.187 TCP_MISS/200 407 POST https://emeacmsd.acms.com/messagebroker/amf - ORIGINAL_DST/54.247.125.57 application/x-amf
1496665088.098    472 10.215.145.187 TAG_NONE/200 0 CONNECT 46.51.187.18:443 - ORIGINAL_DST/46.51.187.18 -
1496665088.143      6 10.215.145.187 TAG_NONE/400 4428 NONE error:invalid-request - HIER_NONE/- text/html
1496665177.661    209 10.215.145.187 TCP_MISS/200 324 POST https://emeacmsd.acms.com/messagebroker/amf - ORIGINAL_DST/54.247.125.57 application/x-amf

Note the "error:invalid-request" message.

# cat /var/log/squid/cache.test.log (part of it)

---------
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Type: application/x-shockwave-flash
Date: Mon, 05 Jun 2017 12:18:05 GMT
Last-Modified: Wed, 16 Sep 2015 16:36:14 GMT
Server: Apache-Coyote/1.1
Set-Cookie: BreezeCCookie=FDYC-UW78-J9K9-SZ93-YUQP-F4B4-ZRNY-UVXE; Path=/; Secure; HttpOnly
X-Breeze-Cache: appserv/common/intro/test.swf
X-Breeze-Public-Map: /common/,appserv/common/
Content-Length: 492826
X-Cache: MISS from inf-fw1
X-Cache-Lookup: MISS from inf-fw1:3227
Via: 1.1 inf-fw1 (squid/3.5.14)
Connection: keep-alive


----------
2017/06/05 14:18:06.175 kid1| 33,5| AsyncCall.cc(26) AsyncCall: The AsyncCall clientWriteComplete constructed, this=0x80e081e8 [call2315]
2017/06/05 14:18:06.175 kid1| 5,5| Write.cc(35) Write: local=54.247.125.57:443 remote=10.215.145.187 FD 13 flags=17: sz 561: asynCall 0x80e081e8*1
2017/06/05 14:18:06.175 kid1| 5,5| ModEpoll.cc(116) SetSelect: FD 13, type=2, handler=1, client_data=0x808b43a0, timeout=0
2017/06/05 14:18:06.175 kid1| 11,5| http.cc(1399) processReplyBody: adaptationAccessCheckPending=0
2017/06/05 14:18:06.175 kid1| 20,5| store.cc(834) write: storeWrite: writing 8192 bytes for 'B04729E56EF0FD97349B176C475C4F1B'
2017/06/05 14:18:06.175 kid1| 20,3| store_swapout.cc(376) mayStartSwapOut: already allowed
2017/06/05 14:18:06.175 kid1| 20,5| store_swapout.cc(47) storeSwapOutStart: storeSwapOutStart: Begin SwapOut 'https://emeacmsd.acms.com/common/intro/test.swf' to dirno -1, fileno FFFFFFFF
2017/06/05 14:18:06.175 kid1| 73,3| HttpRequest.cc(689) storeId: sent back canonicalUrl:https://emeacmsd.acms.com/common/intro/test.swf
2017/06/05 14:18:06.175 kid1| 20,3| store_swapmeta.cc(54) storeSwapMetaBuild: storeSwapMetaBuild URL: https://emeacmsd.acms.com/common/intro/test.swf
2017/06/05 14:18:06.175 kid1| 20,2| store_io.cc(42) storeCreate: storeCreate: Selected dir 0 for e:=w1p2DV/0x80d8d2e8*4
2017/06/05 14:18:06.175 kid1| 79,3| ufs/UFSStrategy.cc(100) create: fileno 0000002D
2017/06/05 14:18:06.175 kid1| 79,3| DiskIO/DiskDaemon/DiskdFile.cc(40) DiskdFile: DiskdFile::DiskdFile: /var/cache/squid.test/00/00/0000002D
2017/06/05 14:18:06.175 kid1| 79,3| DiskIO/DiskDaemon/DiskdFile.cc(86) create: DiskdFile::create: 0x80e08bf0 creating for 0x80e0585c
2017/06/05 14:18:06.175 kid1| 47,4| ufs/UFSSwapDir.cc(1206) replacementAdd: added node 0x80d8d2e8 to dir 0
2017/06/05 14:18:06.175 kid1| 20,3| store.cc(484) lock: storeSwapOutStart locked key B04729E56EF0FD97349B176C475C4F1B e:=w1p2DV/0x80d8d2e8*5
2017/06/05 14:18:06.175 kid1| 79,3| ufs/UFSStoreState.cc(161) write: UFSStoreState::write: dirn 0, fileno 0000002D
2017/06/05 14:18:06.175 kid1| 79,3| ufs/UFSStoreState.cc(469) queueWrite: 0x80e05828 UFSStoreState::queueWrite: queueing write of size 125
2017/06/05 14:18:06.175 kid1| 79,3| ufs/UFSStoreState.cc(184) doWrite: 0x80e05828 UFSStoreState::doWrite
2017/06/05 14:18:06.175 kid1| 79,3| ufs/UFSStoreState.cc(219) doWrite: 0x80e05828 calling theFile->write(125)
2017/06/05 14:18:06.175 kid1| 79,3| DiskIO/DiskDaemon/DiskdFile.cc(278) write: DiskdFile::write: this 0x80e08bf0, buf 0x80e05480, off 0, len 125
2017/06/05 14:18:06.175 kid1| 20,3| store_swapout.cc(132) doPages: storeSwapOut: swap_buf_len = 4096
2017/06/05 14:18:06.175 kid1| 20,3| store_swapout.cc(136) doPages: storeSwapOut: swapping out 4096 bytes from 0
2017/06/05 14:18:06.175 kid1| 79,3| ufs/UFSStoreState.cc(161) write: UFSStoreState::write: dirn 0, fileno 0000002D
2017/06/05 14:18:06.175 kid1| 79,3| ufs/UFSStoreState.cc(469) queueWrite: 0x80e05828 UFSStoreState::queueWrite: queueing write of size 4096
2017/06/05 14:18:06.175 kid1| 79,3| ufs/UFSStoreState.cc(184) doWrite: 0x80e05828 UFSStoreState::doWrite
2017/06/05 14:18:06.175 kid1| 79,3| ufs/UFSStoreState.cc(219) doWrite: 0x80e05828 calling theFile->write(4096)
2017/06/05 14:18:06.175 kid1| 79,3| DiskIO/DiskDaemon/DiskdFile.cc(278) write: DiskdFile::write: this 0x80e08bf0, buf 0x80daa56c, off -1, len 4096
2017/06/05 14:18:06.175 kid1| 20,3| store_swapout.cc(132) doPages: storeSwapOut: swap_buf_len = 4096
2017/06/05 14:18:06.175 kid1| 20,3| store_swapout.cc(136) doPages: storeSwapOut: swapping out 4096 bytes from 4096
2017/06/05 14:18:06.175 kid1| 79,3| ufs/UFSStoreState.cc(161) write: UFSStoreState::write: dirn 0, fileno 0000002D
2017/06/05 14:18:06.175 kid1| 79,3| ufs/UFSStoreState.cc(469) queueWrite: 0x80e05828 UFSStoreState::queueWrite: queueing write of size 4096
2017/06/05 14:18:06.176 kid1| 79,3| ufs/UFSStoreState.cc(184) doWrite: 0x80e05828 UFSStoreState::doWrite
2017/06/05 14:18:06.176 kid1| 79,3| ufs/UFSStoreState.cc(219) doWrite: 0x80e05828 calling theFile->write(4096)
2017/06/05 14:18:06.176 kid1| 79,3| DiskIO/DiskDaemon/DiskdFile.cc(278) write: DiskdFile::write: this 0x80e08bf0, buf 0x80da954c, off -1, len 4096
2017/06/05 14:18:06.176 kid1| 90,3| store_client.cc(732) invokeHandlers: InvokeHandlers: B04729E56EF0FD97349B176C475C4F1B
2017/06/05 14:18:06.176 kid1| 90,3| store_client.cc(738) invokeHandlers: StoreEntry::InvokeHandlers: checking client #0
2017/06/05 14:18:06.176 kid1| 11,3| http.cc(1054) persistentConnStatus: local=10.215.145.187:60291 remote=54.247.125.57:443 FD 15 flags=25 eof=0
2017/06/05 14:18:06.176 kid1| 11,5| http.cc(1074) persistentConnStatus: persistentConnStatus: content_length=492826
2017/06/05 14:18:06.176 kid1| 11,5| http.cc(1078) persistentConnStatus: persistentConnStatus: clen=492826
2017/06/05 14:18:06.176 kid1| 11,5| http.cc(1091) persistentConnStatus: persistentConnStatus: body_bytes_read=8192 content_length=492826
2017/06/05 14:18:06.176 kid1| 11,5| http.cc(1428) processReplyBody: processReplyBody: INCOMPLETE_MSG from local=10.215.145.187:60291 remote=54.247.125.57:443 FD 15 flags=25

Any ideas?

Vieri


More information about the squid-users mailing list