[squid-users] Intermittent 409 Error to google.com

hoje hazri at ymail.com
Thu Aug 17 08:18:59 UTC 2017 

Hi,

I have setup a squid server (squid-3.5.26-20170702-r14182) to filter
http/https. It was working fine with up to 90 users except one thing. Few
PCs  would not be able connect to https sites (e.g google,yahoo,facebook)
intermittently. By clearing SSL State in user PCs (Windows->Control
Panel->Internet Properties) , it helps sometime (sometime not). Please
advice. Thank you.

my squid setup
----------------
(WAN)---(router)---(linux+bridge+squid)---(user)

e.g access.log
---------------
1502955689.139      0 10.40.21.24 TAG_NONE/409 4088 CONNECT
www.google.com:443 - HIER_NONE/- text/html

my squid.conf
---------------
max_filedesc 65535
dns_v4_first on
request_timeout 5 minutes

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged)
machines
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access allow localhost manager
http_access allow localnet manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

http_port 0.0.0.0:3128 intercept
http_port 0.0.0.0:3130
https_port 0.0.0.0:3129 intercept ssl-bump connection-auth=off
cert=/etc/squid/squidCA.pem

cache_mem 256 MB
always_direct allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

acl test ssl::server_name "/etc/squid/test.txt"
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump terminate test
ssl_bump splice all
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB

cache_dir ufs /var/spool/squid 15360 16 256
cache_swap_low 87
cache_swap_high 90

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

url_rewrite_program /usr/bin/squidGuard
redirect_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf





--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Intermittent-409-Error-to-google-com-tp4683329.html
Sent from the Squid - Users mailing list archive at Nabble.com.

More information about the squid-users mailing list