<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<div>Hi, <br></div><div><br></div><div>Here's one more clue (thank's wireshark):<br></div><div><br></div><div>-> When I try to surf on the Net with client's firefox configued (manual proxy configuration) with the ip and port of the parent proxy, it's ok :<br></div><div>58 5.940721294 172.16.103.101 172.16.103.254 HTTP 255 CONNECT <a href="http://www.google.com:443">www.google.com:443</a> HTTP/1.1<br></div><div>62 6.046854511 172.16.103.254 172.16.103.101 HTTP 75 HTTP/1.1 200 Connection established<br></div><div><br></div><div>-> When I configure firefox to use system proxy settings , it doesn't work:<br></div><div>35 4.798844976 172.16.103.101 172.16.103.254 HTTP 265 GET <a href="http://172.16.103.254:3128/squid-internal-dynamic/netdb">http://172.16.103.254:3128/squid-internal-dynamic/netdb</a> HTTP/1.1<br></div><div>47 4.800699191 172.16.103.254 172.16.103.101 HTTP 890 HTTP/1.1 403 Forbidden (text/html)<br></div><div><br></div><div>I think I'm going to disable netdb by adding no-netdb-exchange in my conf. <br></div><div>And by the way, what's the difference between CONNECT and GET ?<br></div><div><br></div><div>Yannick<br></div><div><br></div><div> <br></div><div>-- <br></div><div> Envoi sécurisé avec Tutanota. Obtenez votre propre adresse email chiffrée : <br></div><div> https://tutanota.com<br></div><div><br></div><div><br></div><div>26 juin 2020 à 07:11 de squid3@treenet.co.nz:<br></div><blockquote class="tutanota_quote" style="border-left: 1px solid #93A3B8; padding-left: 10px; margin-left: 5px;"><div>On 24/06/20 7:27 am, yannick.rousseau@tutanota.com wrote:<br></div><blockquote><div>Hi, <br></div><div><br></div><div>I'm using squid (4.6) on my server (debianedu buster LTSP), and I'm<br></div><div>trying to configure a parent proxy.<br></div><div><br></div><div>At first, when I configure the client's firefox (manual proxy<br></div><div>configuration) with the ip and port of the parent proxy, it's ok, I can<br></div><div>surf on the internet. <br></div><div><br></div><div>But I would like to configure my server's Squid Proxy to forward to a<br></div><div>parent proxy (172.16.103.254:3128)<br></div><div>-> So I add these two lines at the end of squid.conf:<br></div><div>cache_peer 172.16.103.254 parent 3128 0 no-query no-digest<br></div><div>never_direct allow all<br></div><div><br></div><div>-> And restart squid. It seems to be ok:<br></div><div># cat /var/log/squid/cache.log<br></div><div>(.....)<br></div><div>2020/06/23 09:51:12 kid1| Configuring Parent 172.16.103.254/3128/0<br></div><div>(....)<br></div><div><br></div><div>-> Then I configure firefox to use system proxy settings, but when I try<br></div><div>to google something or visit debian-fr.org, it doesn't work (no reponse<br></div><div>from the proxy).<br></div></blockquote><div><br></div><div>That is odd. The log shows a 403 response being delivered by the parent<br></div><div>proxy and delivered to Firefox.<br></div><div><br></div><div>Browsers refuse to display proxy responses on CONNECT requests. So the<br></div><div>first is expected. But the second one using http:// should be shown.<br></div><div><br></div><blockquote><div>But my squid's configuration seems to be ok:<br></div><div># cat /var/log/squid/access.log<br></div><div>(....)<br></div><div>1592921221.753 138 10.0.2.2 TCP_TUNNEL/403 361<br></div><div>CONNECT www.google.com:443 <http://www.google.com:443/> -<br></div><div>FIRSTUP_PARENT/172.16.103.254 -<br></div><div>1592921275.641 521 10.0.2.2 TCP_MISS/403 4289<br></div><div>GET http://www.debian-fr.org/ - FIRSTUP_PARENT/172.16.103.254 text/html<br></div><div>1592921275.692 0 10.0.2.2 TCP_HIT/200 13072 GET<br></div><div>(...)<br></div><div><br></div><div>Is it possible that the squid parent refuse to have "a child" ?<br></div></blockquote><div><br></div><div>Maybe. You will need to know the parent proxy configuration to tell<br></div><div>that. All that is visible from the detail you have shown is that parent<br></div><div>proxy has forbidden the requests it is receiving.<br></div><div><br></div><div><br></div><div>Amos<br></div><div>_______________________________________________<br></div><div>squid-users mailing list<br></div><div>squid-users@lists.squid-cache.org<br></div><div>http://lists.squid-cache.org/listinfo/squid-users<br></div></blockquote><div><br></div> </body>
</html>