[squid-users] ERROR The requested URL could not be retrieved

Uchenna Nebedum nebeduch at gmail.com
Mon Oct 29 15:20:01 UTC 2018 

Good Day All,
I have setup squid 3.5 with mikrotik, and ssl bumping is enabled. after
accepting the certificate on the browser prompt, Squid throws an error on
the browser, "*unable to forward this request at this time.*" it throws
this error for http sites as well. please what could be causing this error.

*Please find attached my squid.conf*



































































*#cache_log /var/log/squid/cache.logcache_effective_user proxyacl localnet
src 10.0.0.0/24 <http://10.0.0.0/24>acl localnet src 172.16.0.0/12
<http://172.16.0.0/12>acl localnet src 192.168.0.0/16
<http://192.168.0.0/16>acl localnet src fc00::/7acl localnet src
fe80::/10acl SSL_ports port 443 acl Safe_ports port 80          # httpacl
Safe_ports port 21          # ftpacl Safe_ports port 443         # httpsacl
Safe_ports port 70          # gopheracl Safe_ports port 210         #
waisacl Safe_ports port 1025-65535  # unregistered portsacl Safe_ports port
280         # http-mgmtacl Safe_ports port 488         # gss-httpacl
Safe_ports port 591         # filemakeracl Safe_ports port 777         #
multiling httpacl CONNECT method CONNECThttp_access deny
!Safe_portshttp_access deny CONNECT !SSL_portsnever_direct allow
allhttp_access allow localhost managerhttp_access deny managerhttp_access
allow localnethttp_access allow localhosthttp_access deny
allvisible_hostname localhosthttp_port 3126 intercepthttp_port 3128
ssl-bump  generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
cert=/opt/websafety/etc/myca.pem https_port 3127 intercept ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
cert=/opt/websafety/etc/myca.pemsslcrtd_program
/usr/local/squid/libexec/ssl_crtd -s /var/spool/squid_ssldb -M 4MB
sslcrtd_children 8 startup=1 idle=1sslproxy_cert_error allow
all#sslproxy_cert_error allow ssl_error_domains#sslproxy_cert_error allow
ssl_error_ipsacl step1 at_step SslBump1acl step2 at_step SslBump2acl step3
at_step SslBump3ssl_bump peek step1 allssl_bump stare step2 allssl_bump
bump step3 allssl_bump splice localhostssl_bump splice allvia
offforwarded_for onrequest_header_access From deny allrequest_header_access
Cache-Control deny allrequest_header_access Keep-Alive deny
allrequest_header_access Other deny allreply_header_access Set-Cookie deny
allreply_header_access Set-Cookie2 deny allreply_header_access Other deny
alladaptation_access greasyspoon allow alldns_timeout 30
secondsdns_v4_first on#ecap_enable officap_enable onicap_preview_enable
officap_preview_size 2048icap_persistent_connections
onadaptation_send_client_ip onadaptation_send_username onicap_service
greasyspoon respmod_precache icap://127.0.0.1:1344/response
<http://127.0.0.1:1344/response> bypass=0refresh_pattern ^ftp:
1440    20%    10080refresh_pattern ^gopher:    1440    0%
1440refresh_pattern -i (/cgi-bin/|\?) 0    0%    0refresh_pattern .
0    20%    4320shutdown_lifetime 10 seconds*


*and my access.log*




















































































*1540823796.041      1 10.0.0.252 TAG_NONE/200 0 CONNECT 52.114.76.34:443
<http://52.114.76.34:443> - HIER_NONE/- -1540823796.041      1 10.0.0.252
TAG_NONE/200 0 CONNECT 52.114.76.34:443 <http://52.114.76.34:443> -
HIER_NONE/- -1540823840.186      1 10.0.0.252 TAG_NONE/200 0 CONNECT
52.114.76.34:443 <http://52.114.76.34:443> - HIER_NONE/-
-1540823864.291      1 10.0.0.252 TAG_NONE/200 0 CONNECT 191.239.240.49:443
<http://191.239.240.49:443> - HIER_NONE/- -1540823864.297      8 10.0.0.252
TAG_NONE/200 0 CONNECT 191.239.240.49:443 <http://191.239.240.49:443> -
HIER_NONE/- -1540823864.342      1 10.0.0.252 TAG_NONE/200 0 CONNECT
191.239.240.49:443 <http://191.239.240.49:443> - HIER_NONE/-
-1540823864.628      1 10.0.0.252 TAG_NONE/200 0 CONNECT 152.199.19.161:443
<http://152.199.19.161:443> - HIER_NONE/- -1540823864.628      1 10.0.0.252
TAG_NONE/200 0 CONNECT 152.199.19.161:443 <http://152.199.19.161:443> -
HIER_NONE/- -1540823864.644      1 10.0.0.252 TAG_NONE/200 0 CONNECT
152.199.19.161:443 <http://152.199.19.161:443> - HIER_NONE/-
-1540824133.725    117 10.0.0.253 TCP_MISS/500 4215 GET
http://init-p01md.apple.com/bag <http://init-p01md.apple.com/bag> -
HIER_NONE/- text/html1540824133.725    114 10.0.0.253 TCP_MISS/500 4215 GET
http://init-p01md.apple.com/bag <http://init-p01md.apple.com/bag> -
HIER_NONE/- text/html1540824133.729    112 10.0.0.253 TCP_MISS/500 4310 GET
http://init.ess.apple.com/WebObjects/VCInit.woa/wa/getBag
<http://init.ess.apple.com/WebObjects/VCInit.woa/wa/getBag>? - HIER_NONE/-
text/html1540824133.729    109 10.0.0.253 TCP_MISS/500 4310 GET
http://init.ess.apple.com/WebObjects/VCInit.woa/wa/getBag
<http://init.ess.apple.com/WebObjects/VCInit.woa/wa/getBag>? - HIER_NONE/-
text/html1540824133.850     14 10.0.0.253 TAG_NONE/200 0 CONNECT
95.101.216.92:443 <http://95.101.216.92:443> - HIER_NONE/-
-1540824133.850     11 10.0.0.253 TAG_NONE/200 0 CONNECT 95.101.216.92:443
<http://95.101.216.92:443> - HIER_NONE/- -1540824133.854     12 10.0.0.253
TAG_NONE/200 0 CONNECT 95.101.216.92:443 <http://95.101.216.92:443> -
HIER_NONE/- -1540824133.966    122 10.0.0.253 TCP_MISS/500 4205 GET
http://init-p01st.push.apple.com/bag <http://init-p01st.push.apple.com/bag>
- HIER_NONE/- text/html1540824133.987    164 10.0.0.253 TAG_NONE/200 0
CONNECT 95.101.188.60:443 <http://95.101.188.60:443> - HIER_NONE/-
-1540824133.987    164 10.0.0.253 TAG_NONE/200 0 CONNECT 17.137.166.4:443
<http://17.137.166.4:443> - HIER_NONE/- -1540824134.251      4 10.0.0.253
TAG_NONE/200 0 CONNECT 95.101.188.60:443 <http://95.101.188.60:443> -
HIER_NONE/- -1540824134.336      4 10.0.0.253 TAG_NONE/200 0 CONNECT
17.167.193.43:443 <http://17.167.193.43:443> - HIER_NONE/-
-1540824136.162     17 10.0.0.253 TAG_NONE/200 0 CONNECT 192.12.31.78:443
<http://192.12.31.78:443> - HIER_NONE/- -1540824136.299      4 10.0.0.253
TAG_NONE/200 0 CONNECT 157.119.235.19:443 <http://157.119.235.19:443> -
HIER_NONE/- -1540824150.357      4 10.0.0.253 TAG_NONE/200 0 CONNECT
17.167.192.128:443 <http://17.167.192.128:443> - HIER_NONE/-
-1540824159.403      4 10.0.0.253 TAG_NONE/200 0 CONNECT 17.167.192.128:443
<http://17.167.192.128:443> - HIER_NONE/- -1540824769.945    601 10.0.0.253
TCP_MISS/500 4217 GET http://captive.apple.com/hotspot-detect.html
<http://captive.apple.com/hotspot-detect.html> - HIER_NONE/-
text/html1540824770.651    135 10.0.0.253 TAG_NONE/200 0 CONNECT
216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/-
-1540824770.654    136 10.0.0.253 TAG_NONE/200 0 CONNECT 104.83.75.199:443
<http://104.83.75.199:443> - HIER_NONE/- -1540824771.204    351 10.0.0.253
TAG_NONE/200 0 CONNECT 17.151.240.36:443 <http://17.151.240.36:443> -
HIER_NONE/- -1540824771.451     10 10.0.0.253 TAG_NONE/200 0 CONNECT
17.120.225.140:443 <http://17.120.225.140:443> - HIER_NONE/-
-1540824771.452      7 10.0.0.253 TAG_NONE/200 0 CONNECT 17.120.225.140:443
<http://17.120.225.140:443> - HIER_NONE/- -1540824771.680    827 10.0.0.253
TAG_NONE/200 0 CONNECT 216.58.223.202:443 <http://216.58.223.202:443> -
HIER_NONE/- -1540824771.688    833 10.0.0.253 TAG_NONE/200 0 CONNECT
216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/-
-1540824771.688      1 10.0.0.253 TAG_NONE/200 0 CONNECT 216.58.223.202:443
<http://216.58.223.202:443> - HIER_NONE/- -1540824771.693      6 10.0.0.253
TAG_NONE/200 0 CONNECT 104.83.64.191:443 <http://104.83.64.191:443> -
HIER_NONE/- -1540824771.847    159 10.0.0.253 TAG_NONE/200 0 CONNECT
17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/-
-1540824771.882     30 10.0.0.253 TAG_NONE/200 0 CONNECT 216.58.223.202:443
<http://216.58.223.202:443> - HIER_NONE/- -1540824771.883     30 10.0.0.253
TAG_NONE/200 0 CONNECT 216.58.223.194:443 <http://216.58.223.194:443> -
HIER_NONE/- -1540824771.887     36 10.0.0.253 TAG_NONE/200 0 CONNECT
17.248.146.179:443 <http://17.248.146.179:443> - HIER_NONE/-
-1540824772.034     42 10.0.0.253 TAG_NONE/200 0 CONNECT 216.58.223.206:443
<http://216.58.223.206:443> - HIER_NONE/- -1540824772.036      6 10.0.0.253
TAG_NONE/200 0 CONNECT 216.58.223.194:443 <http://216.58.223.194:443> -
HIER_NONE/- -1540824772.042      1 10.0.0.253 TAG_NONE/200 0 CONNECT
17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/-
-1540824772.078      5 10.0.0.253 TAG_NONE/200 0 CONNECT 216.58.223.194:443
<http://216.58.223.194:443> - HIER_NONE/- -1540824772.146     15 10.0.0.253
TAG_NONE/200 0 CONNECT 17.151.240.36:443 <http://17.151.240.36:443> -
HIER_NONE/- -1540824772.150      4 10.0.0.253 TAG_NONE/200 0 CONNECT
104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/-
-1540824772.172      5 10.0.0.253 TAG_NONE/200 0 CONNECT 104.83.75.199:443
<http://104.83.75.199:443> - HIER_NONE/- -1540824772.243     90 10.0.0.253
TAG_NONE/200 0 CONNECT 216.58.223.194:443 <http://216.58.223.194:443> -
HIER_NONE/- -1540824772.278      5 10.0.0.253 TAG_NONE/200 0 CONNECT
17.248.146.179:443 <http://17.248.146.179:443> - HIER_NONE/-
-1540824772.296      4 10.0.0.253 TAG_NONE/200 0 CONNECT 216.58.223.194:443
<http://216.58.223.194:443> - HIER_NONE/- -1540824772.341      8 10.0.0.253
TAG_NONE/200 0 CONNECT 216.58.223.194:443 <http://216.58.223.194:443> -
HIER_NONE/- -1540824772.719     10 10.0.0.253 TAG_NONE/200 0 CONNECT
216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/-
-1540824772.722      5 10.0.0.253 TAG_NONE/200 0 CONNECT 17.151.240.36:443
<http://17.151.240.36:443> - HIER_NONE/- -1540824772.787      9 10.0.0.253
TAG_NONE/200 0 CONNECT 17.248.146.179:443 <http://17.248.146.179:443> -
HIER_NONE/- -1540824772.868      4 10.0.0.253 TAG_NONE/200 0 CONNECT
216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/-
-1540824773.239      5 10.0.0.253 TAG_NONE/200 0 CONNECT 216.58.223.202:443
<http://216.58.223.202:443> - HIER_NONE/- -1540824773.810      8 10.0.0.253
TAG_NONE/200 0 CONNECT 17.151.240.36:443 <http://17.151.240.36:443> -
HIER_NONE/- -1540824773.868      4 10.0.0.253 TAG_NONE/200 0 CONNECT
17.248.146.179:443 <http://17.248.146.179:443> - HIER_NONE/-
-1540824774.898      4 10.0.0.253 TAG_NONE/200 0 CONNECT 17.151.240.36:443
<http://17.151.240.36:443> - HIER_NONE/- -1540824774.964      7 10.0.0.253
TAG_NONE/200 0 CONNECT 17.248.146.179:443 <http://17.248.146.179:443> -
HIER_NONE/- -1540824776.218      4 10.0.0.253 TAG_NONE/200 0 CONNECT
104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/-
-1540824956.204     56 10.0.0.253 TAG_NONE/200 0 CONNECT 104.83.75.199:443
<http://104.83.75.199:443> - HIER_NONE/- -1540824956.374    110 10.0.0.253
TCP_MISS/500 4205 GET http://init-p01st.push.apple.com/bag
<http://init-p01st.push.apple.com/bag> - HIER_NONE/-
text/html1540824956.966      5 10.0.0.253 TAG_NONE/200 0 CONNECT
17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/-
-1540824957.034      7 10.0.0.253 TAG_NONE/200 0 CONNECT 17.151.240.36:443
<http://17.151.240.36:443> - HIER_NONE/- -1540824957.043      3 10.0.0.253
TAG_NONE/200 0 CONNECT 104.83.75.199:443 <http://104.83.75.199:443> -
HIER_NONE/- -1540824957.124     23 10.0.0.253 TAG_NONE/200 0 CONNECT
104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/-
-1540824957.190     13 10.0.0.253 TAG_NONE/200 0 CONNECT 17.151.240.36:443
<http://17.151.240.36:443> - HIER_NONE/- -1540824957.273      4 10.0.0.253
TAG_NONE/200 0 CONNECT 104.83.75.199:443 <http://104.83.75.199:443> -
HIER_NONE/- -1540824957.355      4 10.0.0.253 TAG_NONE/200 0 CONNECT
17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/-
-1540824957.495      4 10.0.0.253 TAG_NONE/200 0 CONNECT 104.83.75.199:443
<http://104.83.75.199:443> - HIER_NONE/- -1540824957.573      4 10.0.0.253
TAG_NONE/200 0 CONNECT 17.151.240.36:443 <http://17.151.240.36:443> -
HIER_NONE/- -1540824957.642      5 10.0.0.253 TAG_NONE/200 0 CONNECT
104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/-
-1540824957.723      4 10.0.0.253 TAG_NONE/200 0 CONNECT 17.151.240.36:443
<http://17.151.240.36:443> - HIER_NONE/- -1540824957.783      4 10.0.0.253
TAG_NONE/200 0 CONNECT 104.83.75.199:443 <http://104.83.75.199:443> -
HIER_NONE/- -1540824967.333      5 10.0.0.253 TAG_NONE/200 0 CONNECT
104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/-
-1540824967.398      5 10.0.0.253 TAG_NONE/200 0 CONNECT 17.151.240.36:443
<http://17.151.240.36:443> - HIER_NONE/- -1540824967.454      4 10.0.0.253
TAG_NONE/200 0 CONNECT 104.83.75.199:443 <http://104.83.75.199:443> -
HIER_NONE/- -1540824970.474      4 10.0.0.253 TAG_NONE/200 0 CONNECT
17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/-
-1540824971.300      5 10.0.0.253 TAG_NONE/200 0 CONNECT 17.56.48.13:443
<http://17.56.48.13:443> - HIER_NONE/- -1540824971.625      9 10.0.0.253
TAG_NONE/200 0 CONNECT 92.122.44.112:443 <http://92.122.44.112:443> -
HIER_NONE/- -1540825078.056      4 10.0.0.253 TAG_NONE/200 0 CONNECT
17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/-
-1540825078.058     14 10.0.0.253 TAG_NONE/200 0 CONNECT 104.83.75.199:443
<http://104.83.75.199:443> - HIER_NONE/- -1540825078.224      8 10.0.0.253
TAG_NONE/200 0 CONNECT 104.83.75.199:443 <http://104.83.75.199:443> -
HIER_NONE/- -1540825584.867    258 10.0.0.253 TCP_MISS/500 4217 GET
http://captive.apple.com/hotspot-detect.html
<http://captive.apple.com/hotspot-detect.html> - HIER_NONE/- text/html*

please i'll provide any other information required. please i really need
help. I noticed my last two questions weren't answered, i really need help.
I've noticed google and facebook are reachable.

-- 
Nebedum Uchenna
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20181029/d5d6d850/attachment-0001.html>

More information about the squid-users mailing list