<div dir="ltr">When I configure the browser to manually use proxy, the pages fail to load and here is what I get:<div><br></div><div><div>root@mail:/opt/squid-3.5.2/etc # tail -f /usr/local/squid/logs/access.log | grep 192.168.2.2</div><div>1424434499.542 1411 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434499.542 111 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434499.542 361 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434499.542 592 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434499.543 1025 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434499.553 1 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434499.553 1 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434499.553 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434499.555 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434499.560 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434499.658 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434501.789 459 192.168.2.2 TAG_NONE/409 4309 CONNECT <a href="http://mail.google.com:443">mail.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434502.053 0 192.168.2.2 TAG_NONE/409 4309 CONNECT <a href="http://mail.google.com:443">mail.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434507.086 0 192.168.2.2 TAG_NONE/409 4309 CONNECT <a href="http://mail.google.com:443">mail.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434537.127 0 192.168.2.2 TAG_NONE/409 4309 CONNECT <a href="http://mail.google.com:443">mail.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434538.527 2 192.168.2.254 TCP_MISS/403 4246 GET <a href="http://www.gstatic.com/generate_204">http://www.gstatic.com/generate_204</a> - HIER_NONE/- text/html</div><div>1424434538.527 1401 192.168.2.2 TCP_MISS/403 4339 GET <a href="http://www.gstatic.com/generate_204">http://www.gstatic.com/generate_204</a> - ORIGINAL_DST/<a href="http://192.168.2.254">192.168.2.254</a> text/html</div><div>1424434541.027 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434541.166 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434541.325 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434541.465 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434541.791 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434542.091 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434542.185 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434542.297 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434542.490 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434542.680 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434542.845 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434543.036 0 192.168.2.2 TAG_NONE/409 4306 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> - HIER_NONE/- text/html</div><div>1424434543.258 205 192.168.2.2 TAG_NONE/409 4300 CONNECT <a href="http://facebook.com:443">facebook.com:443</a> - HIER_NONE/- text/html</div><div>1424434543.324 0 192.168.2.2 TAG_NONE/409 4300 CONNECT <a href="http://facebook.com:443">facebook.com:443</a> - HIER_NONE/- text/html</div><div>1424434544.384 0 192.168.2.2 TAG_NONE/409 4300 CONNECT <a href="http://facebook.com:443">facebook.com:443</a> - HIER_NONE/- text/html</div><div>1424434544.596 0 192.168.2.2 TAG_NONE/409 4300 CONNECT <a href="http://facebook.com:443">facebook.com:443</a> - HIER_NONE/- text/html</div><div>1424434549.609 0 192.168.2.2 TAG_NONE/409 4300 CONNECT <a href="http://facebook.com:443">facebook.com:443</a> - HIER_NONE/- text/html</div></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 20 February 2015 at 15:05, Amos Jeffries <span dir="ltr"><<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 21/02/2015 12:35 a.m., Odhiambo Washington wrote:<br>
> On 20 February 2015 at 13:57, Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>> wrote:<br>
><br>
>> On 20/02/2015 10:09 p.m., Odhiambo Washington wrote:<br>
>>> On 20 February 2015 at 04:15, Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>><br>
>> wrote:<br>
>>><br>
>>>> On 20/02/2015 5:15 a.m., Odhiambo Washington wrote:<br>
>>>>> On 19 February 2015 at 15:12, Odhiambo Washington <<a href="mailto:odhiambo@gmail.com">odhiambo@gmail.com</a>><br>
>>>>> wrote:<br>
>>>>><br>
>>>>>> Hi Amos,<br>
>>>>>><br>
>>>>>> I did see that thread. However, the discussion was still continuing<br>
>>>> then.<br>
>>>>>><br>
>>>>>><br>
>>>>>> I will apply it to my server and see.<br>
>>>>>><br>
>>>>>> Reporting back today!<br>
>>>>>><br>
>>>>>><br>
>>>>>><br>
>>>>>> On 19 February 2015 at 14:07, Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>><br>
>>>> wrote:<br>
>>>>>><br>
>>>>>>> On 19/02/2015 10:49 p.m., Odhiambo Washington wrote:<br>
>>>>>>>> I have been hoping that 3.5.2 would possibly help address my<br>
>> problems<br>
>>>>>>> with<br>
>>>>>>>> ACLs, but alas!<br>
>>>>>>><br>
>>>>>>> Ah, I thought you saw this announcement made just after your last<br>
>>>>>>> message in Jan:<br>
>>>>>>><br>
>>>>>>> <<br>
>>>>>>><br>
>>>><br>
>> <a href="http://lists.squid-cache.org/pipermail/squid-users/2015-January/001745.html" target="_blank">http://lists.squid-cache.org/pipermail/squid-users/2015-January/001745.html</a><br>
>>>>>>>><br>
>>>>>>><br>
>>>>>>> Its sounds very much like what your last few threads have been<br>
>>>>>>> describing as happening. Signal handling issues will affect all the<br>
>>>>>>> squid -k operations.<br>
>>>>>>><br>
>>>>>>> Amos<br>
>>>>>>><br>
>>>>>><br>
>>>>><br>
>>>>> I have compiled a custom kernel after applying this patch mentioned in<br>
>>>> that<br>
>>>>> thread.<br>
>>>><br>
>>>> Er. There were two patches mentioned as being applied in the FreeBSD<br>
>>>> mail and bug reports.<br>
>>>><br>
>>>>><br>
>>>>> wash@mail:~$ uname -a<br>
>>>>> FreeBSD <a href="http://mail.ili.or.ug" target="_blank">mail.ili.or.ug</a> 10.1-RELEASE-p5 FreeBSD 10.1-RELEASE-p5 #4: Thu<br>
>>>> Feb<br>
>>>>> 19 16:55:56 EAT 2015 root@mail.ili.or.ug:/usr/obj/usr/src/sys<br>
>>>>> /BEASTIE-10.x amd64<br>
>>>>><br>
>>>>><br>
>>>>> However, my issues still persist.<br>
>>>>><br>
>>>>> root@mail:/opt # /opt/squid-3.5.2/sbin/squid -k reconfigure<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>>>><br>
>>>>><br>
>>>>> Would this then suggest there is a problem with my squid.conf<br>
>>>>> <<a href="http://pastebin.com/wwwcnHnF" target="_blank">http://pastebin.com/wwwcnHnF</a>> ?<br>
>>>>><br>
>>>>> Or the FreeBSD problem isn't quite solved?<br>
>>>>><br>
>>>><br>
>>>> Could you re-state what the problem is?<br>
>>>><br>
>>>> Now your pastebin is expired all we have on record about this problems<br>
>>>> is the sentence: "it's crashing with errors as seen from <DEAD URL>"<br>
>>>><br>
>>><br>
>>><br>
>>> Generally, Squid seems to partially ignore my time-based ACLS as seen in<br>
>>> the squid.conf<br>
>>><br>
>><br>
>> Oh. I thought you were talking about crashes still since you keep<br>
>> posting that -k reconfigure output (its odd, but only in that it should<br>
>> not be that visible).<br>
>><br>
>><br>
>><br>
>>> It would block one site but allow the others. I expect a standard<br>
>> blocking<br>
>>> within the specied time.<br>
>>><br>
>>> I have not been able to figure out why.<br>
>>><br>
>>> For instance, my ACL for TIMEWASTAGESITED contains .<a href="http://facebook.com" target="_blank">facebook.com</a>, .<br>
>> <a href="http://gmail.com" target="_blank">gmail.com</a><br>
>>> and .<a href="http://youtube.com" target="_blank">youtube.com</a> as dstdomains.<br>
>>><br>
>>> I find that <a href="http://youtube.com" target="_blank">youtube.com</a> is blocked while <a href="http://facebook.com" target="_blank">facebook.com</a> is not blocked.<br>
>> Both<br>
>>> should be blocked at this time (11:58)<br>
>>><br>
>>> root@mail:/opt/squid-3.5.2/etc # tail -f<br>
>> /usr/local/squid/logs/access.log |<br>
>>> grep DENIED<br>
>>> 1424422669.545 456 192.168.2.2 TCP_DENIED/403 4345 GET<br>
>>> <a href="http://youtube.com/" target="_blank">http://youtube.com/</a> - HIER_NONE/- text/html<br>
>>> 1424422671.910 1 192.168.2.2 TCP_DENIED/403 4291 GET<br>
>>> <a href="http://youtube.com/favicon.ico" target="_blank">http://youtube.com/favicon.ico</a> - HIER_NONE/- text/html<br>
>>><br>
>>> root@mail:/opt/squid-3.5.2/etc # tail -f<br>
>> /usr/local/squid/logs/access.log |<br>
>>> grep 192.168.2.2<br>
>>> 1424422669.545 456 192.168.2.2 TCP_DENIED/403 4345 GET<br>
>>> <a href="http://youtube.com/" target="_blank">http://youtube.com/</a> - HIER_NONE/- text/html<br>
>>> 1424422671.910 1 192.168.2.2 TCP_DENIED/403 4291 GET<br>
>>> <a href="http://youtube.com/favicon.ico" target="_blank">http://youtube.com/favicon.ico</a> - HIER_NONE/- text/html<br>
>>> 1424422710.537 863 192.168.2.2 TCP_MISS/400 372 POST<br>
>>> <a href="http://bench.utorrent.com/e?i=36" target="_blank">http://bench.utorrent.com/e?i=36</a> - ORIGINAL_DST/<a href="http://54.221.228.66" target="_blank">54.221.228.66</a> text/html<br>
>>> 1424422710.578 903 192.168.2.2 TCP_MISS/400 372 POST<br>
>>> <a href="http://bench.utorrent.com/e?i=36" target="_blank">http://bench.utorrent.com/e?i=36</a> - ORIGINAL_DST/<a href="http://54.197.243.221" target="_blank">54.197.243.221</a> text/html<br>
>>> 1424422755.202 1239 192.168.2.2 TCP_MISS/200 280 POST<br>
>>> <a href="http://bench.utorrent.com/e?i=20" target="_blank">http://bench.utorrent.com/e?i=20</a> - ORIGINAL_DST/<a href="http://54.243.183.178" target="_blank">54.243.183.178</a> text/html<br>
>>> 1424422756.602 846 192.168.2.2 TCP_MISS/200 1016 GET<br>
>>> <a href="http://cdn.ap.bittorrent.com/control/feature/tags/ut.json" target="_blank">http://cdn.ap.bittorrent.com/control/feature/tags/ut.json</a> -<br>
>> ORIGINAL_DST/<br>
>>> 54.230.128.<br>
>>> 193 application/json<br>
>>> 1424422895.279 593 192.168.2.2 TCP_MISS/404 1792 GET<br>
>>> <a href="http://www.gstatic.com/chrome/profile_avatars/NothingToDownload" target="_blank">http://www.gstatic.com/chrome/profile_avatars/NothingToDownload</a> -<br>
>>> ORIGINAL_DST/196.0<br>
>>> .3.114 text/html<br>
>>><br>
>>><br>
>>> The odd part:<br>
>>><br>
>>> While <a href="http://facebook.com" target="_blank">facebook.com</a> and <a href="http://gmail.com" target="_blank">gmail.com</a> are accessible, nothing appears at all<br>
>> in<br>
>>> the access.log and cache.log (debug mode) about them yet this is an<br>
>>> intercept proxy. The sites just load. No log enties:(<br>
>><br>
>> The browser is maybe ...<br>
>> - not using the proxy for them at all (QUIC or WebSockets protocol), or<br>
>><br>
><br>
> I am using Google Chrome on Windows. Pretty vanilla Chrome so that's not<br>
> possible.<br>
<br>
</div></div><span class="im HOEnZb">QUIC is Googles' latest experimental protocol trying to replace HTTP. So<br>
it more possible with Chrome visiting Google sites than on any other<br>
traffic.<br>
<br>
<br>
><br>
</span><div class="HOEnZb"><div class="h5">>> - using a CONNECT tunnel which will only appear when its closed (HTTPS<br>
>> SPDY, HTTP/2), or<br>
>> - using a domain you dont have listed ("Google" services are actually<br>
>> *.<a href="http://1e100.net" target="_blank">1e100.net</a> and "Facebook" is actually *.<a href="http://fbcdn.net" target="_blank">fbcdn.net</a>).<br>
>><br>
><br>
> I see none of such entries in the logs<br>
><br>
><br>
>> NP: If they are using SPDY or HTTP/2 within a CONNECT tunnel it may be<br>
>> used for a day or so without anything appearing in the log.<br>
>><br>
>><br>
> There I am lost completey.<br>
><br>
><br>
><br>
>> Check your cachemgr active_requests report to see if there is CONNECT to<br>
>> facebook or gmail active. They may have been opened before your block<br>
>> period and stay open into it.<br>
>><br>
>><br>
> root@mail:/opt/squid-3.5.2/etc # /opt/squid-3.5.2/bin/squidclient -h<br>
> localhost -p 13128 cache_object://localhost/ mgr:active_requests<br>
> HTTP/1.1 200 OK<br>
> Server: squid<br>
> Mime-Version: 1.0<br>
> Date: Fri, 20 Feb 2015 11:35:17 GMT<br>
> Content-Type: text/plain;charset=utf-8<br>
> Expires: Fri, 20 Feb 2015 11:35:17 GMT<br>
> Last-Modified: Fri, 20 Feb 2015 11:35:17 GMT<br>
> X-Cache: MISS from aardvark<br>
> X-Cache-Lookup: MISS from aardvark:13127<br>
> Via: 1.1 aardvark (squid)<br>
> Connection: close<br>
><br>
> Connection: 0x809319418<br>
> FD 13, read 137, wrote 0<br>
> FD desc: Reading next request<br>
> in: buf 0x809c9c600, used 137, free 374<br>
> remote: <a href="http://127.0.0.1:29252" target="_blank">127.0.0.1:29252</a><br>
> local: <a href="http://127.0.0.1:13128" target="_blank">127.0.0.1:13128</a><br>
> nrequests: 1<br>
> uri cache_object://localhost/active_requests<br>
> logType TCP_MISS<br>
> out.offset 0, out.size 0<br>
> req_sz 137<br>
> entry 0x80a2c3c80/7C63DF06F8D015F656D5D9CA81CF8BDE<br>
> start 1424432117.586294 (0.000978 seconds ago)<br>
> username -<br>
> delay_pool 0<br>
><br>
> That's all I see....<br>
><br>
<br>
</div></div><div class="HOEnZb"><div class="h5">Okay. The only answer left is that the browser is NOT using the proxy.<br>
<br>
Amos<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Best regards,<br>Odhiambo WASHINGTON,<br>Nairobi,KE<br>+254733744121/+254722743223<br>"I can't hear you -- I'm using the scrambler."<br></div>
</div>