[squid-users] Upstream Proxy
Johnathan Hasty
Johnathan.Hasty at uncommonschools.org
Fri Jul 15 13:51:25 UTC 2022
Hello,
I've been trying to hand off credentials to our upstream proxy GoGuardian and have been facing many issues. GG is not very helpful and keeps pushing to use their Windows client, however if they support MDMs for mobile devices why wouldn't Squid work?
Has anyone gotten Squid to successfully hand off to GoGuardian as their upstream proxy?
Advanced ACLs:
cache_peer gateway.goguardian.com parent 443 0 no-query no-digest no-netdb-exchange connect-timeout=60 default tls login=NEGOTIATE:principal_name sslcapath=/usr/local/share/ca-certificates/
cache_peer_access gateway.goguardian.com allow all
never_direct allow all
Log snipit:
2022/06/30 15:22:49.198 kid1| 5,3| IoCallback.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fIoCallback.cc&c=E,1,tkT-dyHiVAqZoP7tVfxLk3RVYLyb_avXd27fXGqjJMTzNKPAGHmmvW9pXYcC425jST0ZYFFPwV4uHf3fKHuux40xkg9kXWTzOHPdGV5BNGbILyA,&typo=1&ancr_add=1>(112) finish: called for conn2126 local=10.56.1.3:59674<http://10.56.1.3:59674> remote=18.213.126.143:443<http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1 (0, 0)
2022/06/30 15:22:49.198 kid1| 93,3| AsyncCall.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fAsyncCall.cc&c=E,1,DRAaKArrkDvBn0UuKG4CO_yXvblIrZBSYHpMpA4H7oRhEraoEzGxMCRwZJpYUsTM63vFW1Co7R0A33jgXq0EZyS1JcelCRUFXLjE5tQ-siWuoU0bbvc,&typo=1&ancr_add=1>(96) ScheduleCall: IoCallback.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fIoCallback.cc&c=E,1,bCxz0FVR5jkr6lvnOvzW7e6G8tQBNRlVCCbel3ASQC74rRdj29Wxcj66G7Jit7W9Qdbz8catGFZxEEbA6bR1lmzxqhKOAxPRfaraHkB0Kq0,&typo=1&ancr_add=1>(131) will call Http::Tunneler::handleReadyRead(conn2126 local=10.56.1.3:59674<http://10.56.1.3:59674> remote=18.213.126.143:443<http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1, data=0x55849f4926c8) [call548666]
2022/06/30 15:22:49.198 kid1| 93,3| AsyncCallQueue.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fAsyncCallQueue.cc&c=E,1,Ne0y7JJW7fBc_1MyCR5zK2LlFshqIfjXRI-DDHdH5PeY44sZtFyGkRMXgYLpMqHYj17Z8PToa57tNyAfAp6EUkVwM3SHgK37ObzCJYBj&typo=1&ancr_add=1>(59) fireNext: entering Http::Tunneler::handleReadyRead(conn2126 local=10.56.1.3:59674<http://10.56.1.3:59674> remote=18.213.126.143:443<http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1, data=0x55849f4926c8)
2022/06/30 15:22:49.198 kid1| 93,3| AsyncCall.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fAsyncCall.cc&c=E,1,o0OzDC7879yEvRQoXyqb11XnNW2f6RJwmh1OP5vYSK4ukmnOFcBmRwtorjA94HFXF2MO38TdGcH68cNv4LkX122TcPK1Gwh5xQXTTnzhZCk0N4c,&typo=1&ancr_add=1>(41) make: make call Http::Tunneler::handleReadyRead [call548666]
2022/06/30 15:22:49.198 kid1| 93,3| AsyncJob.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fAsyncJob.cc&c=E,1,0XdqwD1hHo1N94DousFFhRiwV1YBiWmgmGgnmN3ivpK14dkV-pET6DcSkS2X_BoPOU0rcff0Z8GMOM6Se71G_crDtF1V4AWKNym2mjdbxuqKI47TC0GqeVQ,&typo=1&ancr_add=1>(123) callStart: Http::Tunneler status in: [state:w FD 24 job3836]
2022/06/30 15:22:49.198 kid1| 83,3| Session.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fSession.cc&c=E,1,5pwOO8oysGpMl2UW2Xm5P9KkR_3HsM1xcAdWaqJ5W67u3ht9dZCWWqKu-yt1JrDyn7NvUNMMfVsPhYQQ6rNYqmGGLwDuReUm7h6KmDVvRXk9hFQ,&typo=1&ancr_add=1>(36) tls_read_method: started for session=0x55849f86d970
2022/06/30 15:22:49.198 kid1| 5,3| Read.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fRead.cc&c=E,1,YRndcJz2bAhwR1PdmoQI8sRvkmjGdcO5EIyIIpp4iqwmuG7h-eaf-3lfNBR39-ZO7iGAxJ7K0S_cHbSgNtNlm0fjWnm8WFDq58f6THu4DI699rCS7t0,&typo=1&ancr_add=1>(93) ReadNow: conn2126 local=10.56.1.3:59674<http://10.56.1.3:59674> remote=18.213.126.143:443<http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1, size 65535, retval 172, errno 0
2022/06/30 15:22:49.198 kid1| 11,2| HttpTunneler.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fHttpTunneler.cc&c=E,1,7NW0kgZsy7tR63h5jeGLIfWqkf7MZMOiNKoehdSMu4P8C_Cyj5_2ApYRUA6cZWFOqSGAjikQJc_BpXOW4-kzssgabw7mHmj9JehJw69jCPqdH0f2XA,,&typo=1&ancr_add=1>(328) handleResponse: Tunnel Server conn2126 local=10.56.1.3:59674<http://10.56.1.3:59674> remote=18.213.126.143:443<http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1
2022/06/30 15:22:49.198 kid1| 11,2| HttpTunneler.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fHttpTunneler.cc&c=E,1,3NizLysV5Gx9r_j5gTGoxUw_3T9zdjGtQ-DV4EhtvlwXKEzULXHluYnJByOJiEPPnVnNQqchSO6-31x_mXrtC-9VAHF1Rvi3G4KI9KdJOjbjUelpts2rPuVSNQ,,&typo=1&ancr_add=1>(329) handleResponse: Tunnel Server RESPONSE:
---------
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="Secure Browsing"
Date: Thu, 30 Jun 2022 15:22:49 GMT
Content-Length: 0
Connection: close
----------
2022/06/30 15:22:49.198 kid1| 83,3| HttpTunneler.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fHttpTunneler.cc&c=E,1,GviZgdhx9RYhEwKjYE8dVgxbEl8iol-igCMYAgae4yqcKPIFswYtt6EwZhF84hnL-ef9RpuZwEHsx85Xll9B5Gfbg7d2dHfIF34rKZsAxv6qOdMumpxPDQ,,&typo=1&ancr_add=1>(350) bailOnResponseError: unsupported CONNECT response status code [state:w FD 24 job3836]
2022/06/30 15:22:49.198 kid1| TCP connection to gateway.goguardian.com/443<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fgateway.goguardian.com%2f443&c=E,1,uAPXOfc9RgeMJ4nUQAbfSdcSO5Uq43sRY-gZmY85itIayxn-UVioUUW3XRszjHa-yYb6rECJlsja0UO3JoB46gLeuYZSjXkRbee8lCx9qDg8UMVty1UFtdYA&typo=1> failed
current master transaction: master1228
2022/06/30 15:22:49.198 kid1| 15,2| neighbors.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fneighbors.cc&c=E,1,A9XtxL5DCKCd251CIXugkhx4aCzF9hXbpTke-TobSR1fyAJvDoqwTFq1cEcOoZJtiMbGKIRMTAdNo4BJFSkXvu8VJe16TUWacR3bLvbydug1knZSGkBYCZ0,&typo=1&ancr_add=1>(1284) peerConnectFailedSilent: TCP connection to gateway.goguardian.com/443<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fgateway.goguardian.com%2f443&c=E,1,dGVDR_a1JorHZeL7cCLZZYEKPcdKNP8q3xqZrI0znu3mp7ytE8irVnBC73FhdcWJ5M0-LWIn2Mn0GzYRz6V0M_GYqDtl_rvKTY_dWhrXIAFI1UpgdRqKz0hp&typo=1> dead
2022/06/30 15:22:49.198 kid1| 5,3| comm.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcomm.cc&c=E,1,_FSTyaiA0rkYHZ4Z7eAL4TwtVx69LC8zbzD277h9yuyffbapL47ZpB_oWH20eRbFct1TQy0vmI_r1caTRPIqNuxhiZ7iYIATofZyGH8m1ZkJn-_Pj74,&typo=1&ancr_add=1>(597) commUnsetConnTimeout: Remove timeout for conn2126 local=10.56.1.3:59674<http://10.56.1.3:59674> remote=18.213.126.143:443<http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1
2022/06/30 15:22:49.198 kid1| 5,3| comm.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcomm.cc&c=E,1,2X_UeJ7syPVMh46zfITvmAcOXeJskvfXEcgk8IyJC4YzRQfPu92bh2NzVodZ0n4ZRK7THXkr0YSUqM7xqyqJCvdnyd9FAu6HfF5w6S0BZI45WZI8zKdCZe8,&typo=1&ancr_add=1>(571) commSetConnTimeout: conn2126 local=10.56.1.3:59674<http://10.56.1.3:59674> remote=18.213.126.143:443<http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1 timeout -1
2022/06/30 15:22:49.198 kid1| 5,3| comm.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcomm.cc&c=E,1,FfkOe7rgvl24KtYbMnfkVwBEdxcDHC1Qli-TWnd49Qh8gDEi83POkLUjbin88NBj9wz0eUa5EXJAjwxomX4QO4zLvkDabeKXKYlG6AdnYeWwBQX65a999EDQfHg,&typo=1&ancr_add=1>(877) _comm_close: start closing FD 24 by Connection.cc:108<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fConnection.cc%3a108&c=E,1,WyC_uIlGcAERUMOzZEzNpvTD0VNtdyMCu8_98mxi45Tfb8tS1Sk-xPVV7uo29dppxC6E7neNtZYKqy1MhMyuLt8f0VUXYaTTfg2ke0mgXESQjraUm9zxRlRV&typo=1&ancr_add=1>
2022/06/30 15:22:49.198 kid1| 5,3| comm.cc<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcomm.cc&c=E,1,3Gy87egR90ZnusSy5exBZU0res4kBdHXTtCKE_jPDFJ67k-PY9AWyJYQlbMs93MRcEX4tmriDwIFkUn6n7F57YT-OWPTUDgMXKLJDMijoQr3ETZ_4qmLyO3mxoc,&typo=1&ancr_add=1>(558) commUnsetFdTimeout: Remove timeout for FD 24
Best Regards,
Johnathan
_______________________________________________________
Johnathan Hasty
Senior DevOps Engineer
Uncommon Schools
C: 989.366.1672
Uncommon Schools | Change History
Website<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.uncommonschools.org%2f&c=E,1,cWhZ9NA37cAb3SSkIYkr5EbwjBXA_1ECEBWI1BpFOMixjdXiqIYF5NH_rpjuRqGzBt9Av6GCLPt7UYFH62vFjyLlBBvmIAwJtSORWZeE&typo=1> | Facebook<http://www.facebook.com/uncommonschools> | Twitter<http://www.twitter.com/uncommonschools> | LinkedIn<http://www.linkedin.com/company/124759?trk=tyah> | Apply Now<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.uncommonschools.org%2fcareers&c=E,1,rgbpQND7NOQlb8Jv2r2mLOBnCdzuRSxPkW0uIyooMP2TwhUotzeHZQjvRKQyUr3gDLWXSyG1jhOH92Ub7jL9_5wTQc42_HkbPCyQS5oyArE,&typo=1>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220715/c95d2906/attachment-0001.htm>
More information about the squid-users
mailing list