[squid-users] no response from the proxy squid parent

yannick.rousseau at tutanota.com yannick.rousseau at tutanota.com
Sat Jun 27 02:24:04 UTC 2020


Hi, 

Here's one more clue (thank's wireshark):

-> When I try to surf on the Net with client's firefox configued (manual proxy configuration) with the ip and port of the parent proxy, it's ok :
58	5.940721294	172.16.103.101	172.16.103.254	HTTP	255	CONNECT www.google.com:443 <http://www.google.com:443> HTTP/1.1
62	6.046854511	172.16.103.254	172.16.103.101	HTTP	75	HTTP/1.1 200 Connection established

-> When I configure firefox to use system proxy settings , it doesn't work:
35	4.798844976	172.16.103.101	172.16.103.254	HTTP	265	GET http://172.16.103.254:3128/squid-internal-dynamic/netdb HTTP/1.1
47	4.800699191	172.16.103.254	172.16.103.101	HTTP	890	HTTP/1.1 403 Forbidden  (text/html)

I think I'm going to disable  netdb by adding  no-netdb-exchange in my conf. 
And by the way, what's the difference between CONNECT and GET ?

Yannick

 
-- 
 Envoi sécurisé avec Tutanota. Obtenez votre propre adresse email chiffrée : 
 https://tutanota.com


26 juin 2020 à 07:11 de squid3 at treenet.co.nz:

> On 24/06/20 7:27 am, yannick.rousseau at tutanota.com wrote:
>
>> Hi, 
>>
>> I'm using squid (4.6) on my server (debianedu buster LTSP), and I'm
>> trying to configure a parent proxy.
>>
>> At first, when I configure the client's firefox (manual proxy
>> configuration) with the ip and port of the parent proxy, it's ok, I can
>> surf on the internet. 
>>
>> But I would like to configure my server's Squid Proxy to forward to a
>> parent proxy (172.16.103.254:3128)
>> -> So I add these two lines at the end of squid.conf:
>> cache_peer 172.16.103.254 parent 3128 0 no-query no-digest
>> never_direct allow all
>>
>> -> And restart squid. It seems to be ok:
>> # cat /var/log/squid/cache.log
>> (.....)
>> 2020/06/23 09:51:12 kid1| Configuring Parent 172.16.103.254/3128/0
>> (....)
>>
>> -> Then I configure firefox to use system proxy settings, but when I try
>> to google something or visit debian-fr.org, it doesn't work (no reponse
>> from the proxy).
>>
>
> That is odd. The log shows a 403 response being delivered by the parent
> proxy and delivered to Firefox.
>
> Browsers refuse to display proxy responses on CONNECT requests. So the
> first is expected. But the second one using http:// should be shown.
>
>
>> But my squid's configuration seems to be ok:
>> # cat /var/log/squid/access.log
>> (....)
>> 1592921221.753    138 10.0.2.2 TCP_TUNNEL/403 361
>> CONNECT www.google.com:443 <http://www.google.com:443/> -
>> FIRSTUP_PARENT/172.16.103.254 -
>> 1592921275.641    521 10.0.2.2 TCP_MISS/403 4289
>> GET http://www.debian-fr.org/ - FIRSTUP_PARENT/172.16.103.254 text/html
>> 1592921275.692      0 10.0.2.2 TCP_HIT/200 13072 GET
>> (...)
>>
>> Is it possible that the squid parent refuse to have "a child" ?
>>
>
> Maybe. You will need to know the parent proxy configuration to tell
> that. All that is visible from the detail you have shown is that parent
> proxy has forbidden the requests it is receiving.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200627/1ddabb15/attachment.html>


More information about the squid-users mailing list