[squid-users] Pages sometimes load as a mess of random (?) symbols

Grey wehategrey at gmail.com
Thu Oct 5 09:32:03 UTC 2017


Firstly, thanks a lot for taking the time to check my configuration and
provide such detailed suggestions; I think I've followed all of them and
fixed the problems you pointed out.
We have a Windows domain and all those "all" directives where inherited from
our old proxy server (running Squid verson 3.1.20) and were used to let
domain users not receive any popups asking for credentials, while at the
same time presenting those credentials requests to non-domain users; if I'm
understanding your comments correctly I can safely remove them and get the
same result, am I right?
We were having an issue with authentication too, where domain users
sometimes received a popup asking for credentials (shouldn't happen since I
have only enabled kerberos auth) and would need to click "Cancel" and reload
the page to resume browsing correctly; could the presence of all those "all"
directives have caused that too in your opinion?

The new configuration should result in this if I didn't miss/misunderstand
anything (I've addedd a whitelist rule that I missed earlier):

### TESTSQUID1 ###

http_port 3128
dns_v4_first on
pinger_enable off
netdb_filename none

error_default_language it
cache_mgr helpdesk at test.it

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -r -d
auth_param negotiate children 150
auth_param negotiate children 150 startup=20 idle=10
auth_param negotiate keep_alive on

external_acl_type ProxyUser children-max=75 %LOGIN
/usr/lib/squid/ext_kerberos_ldap_group_acl -g INTERNET at TEST.LOCAL -D
TEST.LOCAL -S testldap
acl ProxyUser external ProxyUser

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny manager

acl destsquid dstdomain .testsquid1 .testsquid2
http_access allow destsquid

acl siti_whitelist dstdomain "/etc/squid/siti_whitelist"

acl AUTH proxy_auth REQUIRED
http_access deny !AUTH

http_access allow siti_whitelist
http_access allow ProxyUser
http_access deny all

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_req reqmod_precache bypass=1
icap://testicap:1344/REQ-Service
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=0
icap://testicap:1344/resp
adaptation_access service_resp allow all

coredump_dir /var/spool/squid

refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

Getting back to the main problem, i've set "icap_enable off" and reloaded
Squid, then tried again and got the same problem; since we're not using any
cache parent and Squid isn't using ICAP at the moment, can I assume there's
nothing else I can do and just have to ignore the problem?
The thing that bugs me is that only Chrome seems to be having this
particular problem... could this even be something linked to a bug or a
simple behaviour difference between Chrome and IE/Firefox?
Thanks again for all your patience :)



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


More information about the squid-users mailing list