[squid-users] net::err_cert_common_name_invalid just in squid page with dstdomain block
erdosain9
erdosain9 at gmail.com
Tue Dec 5 17:05:48 UTC 2017
"Does that error match the generated certificate sent by Squid to a
blocked Chrome user? In other words, does that certificate have an
invalid common name (CN) field? "
No, is the same certificate.
"I suggest comparing the following two certificates:
* the certificate sent by Squid to a blocked FireFox user
* the certificate sent by Squid to a blocked Chrome user "
Is the same certificate.
"I also suggest comparing the following access.log entries:
* the line(s) corresponding to the blocked FireFox user request
* the line(s) corresponding to the blocked Chrome user request "
Line corresponding to blocked Chrome
1512493257.523 175 192.168.1.121 TCP_DENIED/200 0 CONNECT
es-la.facebook.com:443 user at DOMAIN.LAN HIER_NONE/- -
1512493257.716 169 192.168.1.121 TCP_MISS/204 193 GET
http://www.gstatic.com/generate_204 user at DOMAIN.LAN
HIER_DIRECT/172.217.30.163 -
Line corresponding to blocked Firefox
1512493386.314 43 192.168.1.121 TCP_DENIED/200 0 CONNECT
es-la.facebook.com:443 user at DOMAIN.LAN HIER_NONE/- -
1512493386.317 0 192.168.1.121 TAG_NONE/403 6569 GET
https://es-la.facebook.com/ user at DOMAIN.LAN HIER_NONE/- text/html
1512493386.370 173 192.168.1.121 TAG_NONE/200 0 CONNECT
www.google.com.ar:443 user at DOMAIN.LAN HIER_DIRECT/216.58.222.163 -
1512493386.397 45 192.168.1.121 TCP_DENIED/200 0 CONNECT
es-la.facebook.com:443 user at DOMAIN.LAN HIER_NONE/- -
1512493386.400 0 192.168.1.121 TAG_NONE/403 6561 GET
http://squid.DOMAIN.lan:3128/squid-internal-static/icons/SN.png
user at DOMAIN.LAN HIER_NONE/- text/html
Is strange that from Firefox the "answer" is instantaneous, from chrome not.
Thanks to all.
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
More information about the squid-users
mailing list