<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">I see a few issues.<br>
<br>
1. The report from the log shows a 192.168.*.* address, common LAN
IP<br>
<br>
Then in the squid.conf:<br>
2. You have wvdial destination as 10.1.*.* addresses, which is a
completely different internal network.<br>
Typically there will be no internal routing or communication from
a 192.168..*.* address to/from a 10.*.*.* address without a custom
routing server with 2 network connections, one from each IP set
and to act as the DNS intermediary for routing. Otherwise for
network/internet connections, the computer/browser sees its own IP
as local network, and everything else including 10.*.*.* as an
external address out on the internet. I would suggest getting both
the browsing computer and the server on the same IP subset, as in
192.168.122.x or 10.1.4.x, otherwise these issues are likely to
continue. <br>
<br>
3. Next in the squid.conf is http_port which should be port number
only, no IP address, especially 0.0.0.0 which can cause conflicts
with squid 3.x versions. Best bet is use just port only, as in:
"http_port 3128" or in your case "http_port 8080", which is the
port (with server IP found in ifconfig) the browser will use to
connect through the squid server.<br>
4. The bypass local network means any IP connection attempt to a
local network IP will not use the proxy. This goes back to the 2
different IP subsets. One option is to enter a proxy exception as
10.*.*.* (if the websense server is using 10.x.x.x IP address).<br>
<br>
<br>
Mike<br>
<br>
<br>
On 7/24/2015 10:35 AM, Jagannath Naidu wrote:<br>
</div>
<blockquote
cite="mid:CA+8bHvzvh=RYRPUFV4KYmeOD6-RVqV2tTqvYM6A1Q0TFkJn2Gw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Dear List,</div>
<div><br>
</div>
<div>I have been working on this for last two weeks, but never
got it resolved. </div>
<div><br>
</div>
<div>We have a application server (SERVER) in our local network
and a desktop application (CLIENT). The application picks
proxy settings from IE. And we also have a wensense proxy
server </div>
<div><br>
</div>
<div>case 1: when there is no proxy set </div>
<div>application works. No logs in squid server access.log</div>
<div><br>
</div>
<div>case 2: when proxy ip address set and checked "bypass local
network"</div>
<div>application works. No logs in squid server access.log </div>
<div><br>
</div>
<div>case 3: when proxy ip address is set to wensense proxy
server. UNCHECKED "bypass local network"</div>
<div>application works. We dont have access to websense server
and hence we can not check logs </div>
<div><br>
</div>
<div><br>
</div>
<div>case 4: when proxy ip address is set to proxy server ip
address. UNCHECKED "bypass local network"</div>
<div>application does not work :-(. Below are the logs. </div>
<div><br>
</div>
<div><br>
</div>
<div>1437751240.149 7 192.168.122.1 TCP_MISS/404 579 GET <a
moz-do-not-send="true"
href="http://dlwvdialce.htmedia.net/UADInstall/UADPresentationLayer.application">http://dlwvdialce.htmedia.net/UADInstall/UADPresentationLayer.application</a>
- HIER_DIRECT/<a moz-do-not-send="true"
href="http://10.1.4.46">10.1.4.46</a> text/html</div>
<div>1437751240.992 94 192.168.122.1 TCP_DENIED/407 3757
CONNECT <a moz-do-not-send="true"
href="http://0.client-channel.google.com:443">0.client-channel.google.com:443</a>
- HIER_NONE/- text/html</div>
<div>1437751240.996 0 192.168.122.1 TCP_DENIED/407 4059
CONNECT <a moz-do-not-send="true"
href="http://0.client-channel.google.com:443">0.client-channel.google.com:443</a>
- HIER_NONE/- text/html</div>
<div>1437751242.327 5 192.168.122.1 TCP_MISS/404 579 GET <a
moz-do-not-send="true"
href="http://dlwvdialce.htmedia.net/UADInstall/uadprop.htm">http://dlwvdialce.htmedia.net/UADInstall/uadprop.htm</a>
- HIER_DIRECT/<a moz-do-not-send="true"
href="http://10.1.4.46">10.1.4.46</a> text/html</div>
<div>1437751244.777 1 192.168.122.1 TCP_MISS/503 4048 POST
<a moz-do-not-send="true"
href="http://cs-711-core.htmedia.net:8180/ConcertoAgentPortal/services/ConcertoAgentPortal">http://cs-711-core.htmedia.net:8180/ConcertoAgentPortal/services/ConcertoAgentPortal</a>
- HIER_NONE/- text/html</div>
<div><br>
</div>
<div>
<div>squid -v</div>
<div>Squid Cache: Version 3.3.8</div>
<div>configure options: '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu' '--program-prefix='
'--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include'
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
'--infodir=/usr/share/info'
'--disable-strict-error-checking' '--exec_prefix=/usr'
'--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--with-logdir=$(localstatedir)/log/squid'
'--with-pidfile=$(localstatedir)/run/squid.pid'
'--disable-dependency-tracking' '--enable-eui'
'--enable-follow-x-forwarded-for' '--enable-auth'
'--enable-auth-basic=DB,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam'
'--enable-auth-ntlm=smb_lm,fake'
'--enable-auth-digest=file,LDAP,eDirectory'
'--enable-auth-negotiate=kerberos'
'--enable-external-acl-helpers=file_userip,LDAP_group,time_quota,session,unix_group,wbinfo_group'
'--enable-cache-digests'
'--enable-cachemgr-hostname=localhost'
'--enable-delay-pools' '--enable-epoll'
'--enable-icap-client' '--enable-ident-lookups'
'--enable-linux-netfilter'
'--enable-removal-policies=heap,lru' '--enable-snmp'
'--enable-ssl' '--enable-ssl-crtd'
'--enable-storeio=aufs,diskd,ufs' '--enable-wccpv2'
'--enable-esi' '--enable-ecap' '--with-aio'
'--with-default-user=squid' '--with-filedescriptors=16384'
'--with-dl' '--with-openssl' '--with-pthreads'
'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe
-Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -fpie'
'LDFLAGS=-Wl,-z,relro -pie -Wl,-z,relro -Wl,-z,now'
'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64
-mtune=generic -fpie'
'PKG_CONFIG_PATH=%{_PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig'</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>squid.conf </div>
<div><br>
</div>
<div>
<div>acl localnet src <a moz-do-not-send="true"
href="http://10.0.0.0/8">10.0.0.0/8</a> # RFC1918
possible internal network</div>
<div>acl localnet src <a moz-do-not-send="true"
href="http://172.16.0.0/12">172.16.0.0/12</a> # RFC1918
possible internal network</div>
<div>acl localnet src <a moz-do-not-send="true"
href="http://192.168.0.0/16">192.168.0.0/16</a> # RFC1918
possible internal network</div>
<div>acl localnet src fc00::/7 # RFC 4193 local private
network range</div>
<div>acl localnet src fe80::/10 # RFC 4291 link-local
(directly plugged) machines</div>
<div>acl SSL_ports port 443</div>
<div>acl Safe_ports port 80 # http</div>
<div>acl Safe_ports port 21 # ftp</div>
<div>acl Safe_ports port 443 # https</div>
<div>acl Safe_ports port 70 # gopher</div>
<div>acl Safe_ports port 210 # wais</div>
<div>acl Safe_ports port 1025-65535 # unregistered ports</div>
<div>acl Safe_ports port 280 # http-mgmt</div>
<div>acl Safe_ports port 488 # gss-http</div>
<div>acl Safe_ports port 591 # filemaker</div>
<div>acl Safe_ports port 777 # multiling http</div>
<div>acl Safe_ports port 8180</div>
<div>acl CONNECT method CONNECT</div>
<div>acl wvdial dst 10.1.4.45 10.1.4.50 10.1.4.53 10.1.4.48
10.1.4.54 10.1.4.46 10.1.4.51 10.1.4.47 10.1.4.55 10.1.4.49
10.1.4.52 10.1.2.4</div>
<div>http_access allow wvdial</div>
<div>acl dialer dstdomain .<a moz-do-not-send="true"
href="http://htmedia.net">htmedia.net</a></div>
<div>http_access allow dialer</div>
<div>http_access deny !Safe_ports</div>
<div>http_access deny CONNECT !SSL_ports</div>
<div>http_access allow localhost manager</div>
<div>http_access deny manager</div>
<div>visible_hostname = <a moz-do-not-send="true"
href="http://NOIDAPROXY01.MYDOMAIN.NET">NOIDAPROXY01.MYDOMAIN.NET</a></div>
<div>append_domain .<a moz-do-not-send="true"
href="http://mydomain.net">mydomain.net</a></div>
<div>ignore_expect_100 on</div>
<div>dns_v4_first on</div>
<div>auth_param ntlm program /usr/bin/ntlm_auth --diagnostics
--helper-protocol=squid-2.5-ntlmssp --domain=<a
moz-do-not-send="true" href="http://HTMEDIA.NET">HTMEDIA.NET</a></div>
<div>auth_param ntlm children 1000</div>
<div>auth_param ntlm keep_alive off</div>
<div>auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic</div>
<div>auth_param basic children 100</div>
<div>auth_param basic realm Squid proxy-caching web server</div>
<div>auth_param basic credentialsttl 2 hours</div>
<div>acl auth proxy_auth REQUIRED</div>
<div>http_access allow all auth</div>
<div>http_access allow localnet</div>
<div>http_access allow localhost</div>
<div>http_access deny all</div>
<div>http_port <a moz-do-not-send="true"
href="http://0.0.0.0:8080">0.0.0.0:8080</a></div>
<div>coredump_dir /var/spool/squid</div>
<div>refresh_pattern ^ftp: 1440 20% 10080</div>
<div>refresh_pattern ^gopher: 1440 0% 1440</div>
<div>refresh_pattern -i (/cgi-bin/|\?) 0 0% 0</div>
<div>refresh_pattern . 0 20% 4320</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>It was the same behavior with squid-3.1.10-19. I thought,
upgrading to squid 3.3 would help. Please help me resolving
this mystery. </div>
<div><br>
</div>
<div><br>
</div>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">Thanks & Regards<br>
<br>
<div>Jagannath Naidu </div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
</body>
</html>