<div dir="ltr"><div dir="ltr">
<div class="gmail-Translate-OutputText" role="article" aria-label="Main translation: No, ssl_bump is not used in any form in Squid; I intentionally reproduced the problem on the default configuration file."><div class="gmail-Translate-TargetText gmail-Translate-TargetText_userSelect_enabled" aria-hidden="true">No, ssl_bump is not used in any form in Squid; I intentionally reproduced the problem on the default configuration file.</div></div>
</div><div><br></div><div>In access.log I do not observe any questionable recordings when reproducing the problem:</div><div>acl hasRequest has request</div><div>access_log daemon:/var/log/squid/access.log squid hasRequest</div><div><br></div><div>TCP_TUNNEL/200 39 CONNECT <a href="http://play.google.com:443">play.google.com:443</a> - HIER_DIRECT/<a href="http://216.58.212.174">216.58.212.174</a> -<br>TCP_TUNNEL/200 39 CONNECT <a href="http://www.gstatic.com:443">www.gstatic.com:443</a> - HIER_DIRECT/<a href="http://142.250.185.195">142.250.185.195</a> -<br>TCP_TUNNEL/200 6623 CONNECT <a href="http://drive.google.com:443">drive.google.com:443</a> - HIER_DIRECT/<a href="http://142.250.27.194">142.250.27.194</a> -<br>TCP_TUNNEL/200 13269 CONNECT <a href="http://waa-pa.clients6.google.com:443">waa-pa.clients6.google.com:443</a> - HIER_DIRECT/<a href="http://142.250.186.138">142.250.186.138</a> -</div><div><br></div><div>
Yes, such messages were present in the cache.log when the Google service
was running. I didn't attach any significant importance to them. <br></div><div><br></div><div>Probably not, rather than yes. Either these messages will appear in the cache.log with a delay.</div><div><br></div><div><br></div><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">Sun, 22 Dec 2024 at 07:17, Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com">rousskov@measurement-factory.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 2024-12-21 12:26, A. Pechenin wrote:<br>
> This week, when connecting users through a proxy server, some Google <br>
> services became inaccessible, such as Calendar, Translator, user profile.<br>
<br>
Do you use any ssl_bump directives? You have mentioned a test with <br>
"default configuration file" below. That configuration file does not <br>
have any ssl_bump directives. When testing with that default <br>
configuration file, did you add any ssl_bump directives?<br>
<br>
If you are not using SslBump, then suggestions regarding "splicing" do <br>
not apply to your environment -- your Squid is already effectively <br>
splicing all TLS connections. In this case, please clarify whether <br>
"Operation timed out" failures that you have mentioned in your second <br>
post are also reflected in access.log records. You have said that "all <br>
requests are processed correctly and no errors or prohibitions are <br>
observed", and I am trying to correlate that statement with those <br>
timeout errors...<br>
<br>
<br>
> 2024/12/21 21:54:57 kid1| conn43356657 local=MYREALIP:53130<br>
> remote=<a href="http://142.250.186.142:443" rel="noreferrer" target="_blank">142.250.186.142:443</a> HIER_DIRECT FD 121 flags=1: <br>
> read/write failure: (60) Operation timed out<br>
> current master transaction: master13542083<br>
<br>
Do you know whether these timeout errors were present when everything <br>
was working correctly?<br>
<br>
Do you always see at least one such timeout error for every case when <br>
"the page does not open and then a connection error is displayed"? In <br>
other words, is there a strong correlation between client-side problems <br>
and these timeout errors in cache.log?<br>
<br>
<br>
Thank you,<br>
<br>
Alex.<br>
<br>
<br>
> When clicking on the services section in the browser on the Google <br>
> portal, the page does not open and then a connection error is displayed. <br>
> When directly going to the calendar section, the connection also hangs <br>
> for a long time without loading the page. At the same time, the Google <br>
> home page, mail, search work.<br>
> <br>
> Transparent proxying is not used.<br>
> Viewing the proxy server logs did not add any understanding, all <br>
> requests are processed correctly and no errors or prohibitions are <br>
> observed. There are no other problems with the unavailability of any sites.<br>
> <br>
> When connecting directly (bypassing the proxy server), all Google <br>
> services work completely correctly.<br>
> The platform on which the problem was suddenly discovered:<br>
> FreeBSD 13.2-RELEASE-p9<br>
> Squid 6.6<br>
> <br>
> A new separate server was deployed for objectivity and finding the <br>
> cause, but the problem was also reproduced there, its platform.<br>
> FreeBSD 13.4-RELEASE-p2<br>
> Squid 6.10<br>
> <br>
> I tried using the default configuration file (recommended minimum <br>
> configuration) to eliminate the problem in my working squid.conf, but <br>
> the problem remained<br>
> <br>
> I repeat, the problem reproduced suddenly, no changes were made to the <br>
> proxy server configuration on our side, no problems with Google have <br>
> arisen for many years. What should I pay attention to in the Squid <br>
> configuration? Any idea<br>
> <br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
> <a href="https://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">https://lists.squid-cache.org/listinfo/squid-users</a><br>
<br>
</blockquote></div></div>
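The correlation asked about in the thread above (do the cache.log timeout errors line up with access.log records?) can be checked mechanically. This is an added example, not part of the original messages or of Squid: the function names are hypothetical, the access.log rows are constructed in Squid's native "squid" logformat, and cache.log timestamps are assumed to be in UTC.

```python
import re
from datetime import datetime, timezone

# Constructed samples. The cache.log line is the one quoted in the thread,
# unwrapped; access.log rows use Squid's native "squid" logformat with
# made-up timestamps, client address and calendar.example host.
CACHE_LOG = """\
2024/12/21 21:54:57 kid1| conn43356657 local=MYREALIP:53130 remote=142.250.186.142:443 HIER_DIRECT FD 121 flags=1: read/write failure: (60) Operation timed out
    current master transaction: master13542083
"""
ACCESS_LOG = """\
1734814000.100 120 192.0.2.25 TCP_TUNNEL/200 6623 CONNECT calendar.example:443 - HIER_DIRECT/142.250.186.142 -
1734818090.250 95 192.0.2.25 TCP_TUNNEL/200 39 CONNECT play.google.com:443 - HIER_DIRECT/216.58.212.174 -
1734818097.412 900311 192.0.2.25 TCP_TUNNEL/200 39 CONNECT calendar.example:443 - HIER_DIRECT/142.250.186.142 -
"""
FAIL_RE = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) kid\d+\| conn\d+ .*?"
    r"remote=([\d.]+):\d+ .*read/write failure: \((\d+)\) (.+)$")

def parse_failures(cache_log, tz=timezone.utc):
    """Return (epoch, server_ip, errno, text) per server-side I/O failure."""
    out = []
    for line in cache_log.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(m[1], "%Y/%m/%d %H:%M:%S").replace(tzinfo=tz)
            out.append((ts.timestamp(), m[2], int(m[3]), m[4]))
    return out

def parse_access(access_log):
    """Split native-format rows into the fields needed for matching."""
    rows = []
    for f in (line.split() for line in access_log.splitlines()):
        if len(f) >= 10:
            rows.append({"end": float(f[0]), "elapsed_ms": int(f[1]),
                         "result": f[3], "bytes": int(f[4]), "url": f[6],
                         "server_ip": f[8].partition("/")[2]})
    return rows

def correlate(cache_log, access_log, slack=5.0, tz=timezone.utc):
    """Attach to each failure the tunnels to the same server IP that were
    logged within `slack` seconds of it (assumed: logged at tunnel close)."""
    rows = parse_access(access_log)
    return [{"ip": ip, "errno": errno, "text": text,
             "tunnels": [r for r in rows if r["server_ip"] == ip
                         and abs(r["end"] - when) <= slack]}
            for when, ip, errno, text in parse_failures(cache_log, tz)]
```

An empty `tunnels` list for a failure means no access.log record to that server IP was written near the timeout; a match with a large `elapsed_ms` and few bytes is a tunnel that sat idle until the server-side timeout.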