[squid-users] ERROR The requested URL could not be retrieved

Mon Oct 29 15:23:33 UTC 2018

On 29/10/2018 15:20, Uchenna Nebedum wrote:
> Good Day All,
> I have setup squid 3.5 with mikrotik, and ssl bumping is enabled. after
> accepting the certificate on the browser prompt, Squid throws an error
> on the browser, "*unable to forward this request at this time.*" it
> throws this error for http sites as well. please what could be causing
> this error.

never_direct allow all

How is your proxy meant to forward on requests? You have no cache peers,
but have told it never to go direct (i.e. always use a cache peer).

> *Please find attached my squid.conf*
> /#cache_log /var/log/squid/cache.log
> cache_effective_user proxy
> acl localnet src 10.0.0.0/24 <http://10.0.0.0/24>
> acl localnet src 172.16.0.0/12 <http://172.16.0.0/12>
> acl localnet src 192.168.0.0/16 <http://192.168.0.0/16>
> acl localnet src fc00::/7
> acl localnet src fe80::/10
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> never_direct allow all
> http_access allow localhost manager
> http_access deny manager
> http_access allow localnet
> http_access allow localhost
> http_access deny all
> visible_hostname localhost
> http_port 3126 intercept
> http_port 3128 ssl-bump  generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB cert=/opt/websafety/etc/myca.pem
> https_port 3127 intercept ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB cert=/opt/websafety/etc/myca.pem
> sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
> /var/spool/squid_ssldb -M 4MB sslcrtd_children 8 startup=1 idle=1
> sslproxy_cert_error allow all
> #sslproxy_cert_error allow ssl_error_domains
> #sslproxy_cert_error allow ssl_error_ips
> acl step1 at_step SslBump1
> acl step2 at_step SslBump2
> acl step3 at_step SslBump3
> ssl_bump peek step1 all
> ssl_bump stare step2 all
> ssl_bump bump step3 all
> ssl_bump splice localhost
> ssl_bump splice all
> via off
> forwarded_for on
> request_header_access From deny all
> request_header_access Cache-Control deny all
> request_header_access Keep-Alive deny all
> request_header_access Other deny all
> reply_header_access Set-Cookie deny all
> reply_header_access Set-Cookie2 deny all
> reply_header_access Other deny all
> adaptation_access greasyspoon allow all
> dns_timeout 30 seconds
> dns_v4_first on
> #ecap_enable off
> icap_enable on
> icap_preview_enable off
> icap_preview_size 2048
> icap_persistent_connections on
> adaptation_send_client_ip on
> adaptation_send_username on
> icap_service greasyspoon respmod_precache icap://127.0.0.1:1344/response
> <http://127.0.0.1:1344/response> bypass=0
> refresh_pattern ^ftp:        1440    20%    10080
> refresh_pattern ^gopher:    1440    0%    1440
> refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
> refresh_pattern .        0    20%    4320
> shutdown_lifetime 10 seconds/
> 
> 
> *and my access.log*
> /1540823796.041      1 10.0.0.252 TAG_NONE/200 0 CONNECT
> 52.114.76.34:443 <http://52.114.76.34:443> - HIER_NONE/- -
> 1540823796.041      1 10.0.0.252 TAG_NONE/200 0 CONNECT 52.114.76.34:443
> <http://52.114.76.34:443> - HIER_NONE/- -
> 1540823840.186      1 10.0.0.252 TAG_NONE/200 0 CONNECT 52.114.76.34:443
> <http://52.114.76.34:443> - HIER_NONE/- -
> 1540823864.291      1 10.0.0.252 TAG_NONE/200 0 CONNECT
> 191.239.240.49:443 <http://191.239.240.49:443> - HIER_NONE/- -
> 1540823864.297      8 10.0.0.252 TAG_NONE/200 0 CONNECT
> 191.239.240.49:443 <http://191.239.240.49:443> - HIER_NONE/- -
> 1540823864.342      1 10.0.0.252 TAG_NONE/200 0 CONNECT
> 191.239.240.49:443 <http://191.239.240.49:443> - HIER_NONE/- -
> 1540823864.628      1 10.0.0.252 TAG_NONE/200 0 CONNECT
> 152.199.19.161:443 <http://152.199.19.161:443> - HIER_NONE/- -
> 1540823864.628      1 10.0.0.252 TAG_NONE/200 0 CONNECT
> 152.199.19.161:443 <http://152.199.19.161:443> - HIER_NONE/- -
> 1540823864.644      1 10.0.0.252 TAG_NONE/200 0 CONNECT
> 152.199.19.161:443 <http://152.199.19.161:443> - HIER_NONE/- -
> 1540824133.725    117 10.0.0.253 TCP_MISS/500 4215 GET
> http://init-p01md.apple.com/bag - HIER_NONE/- text/html
> 1540824133.725    114 10.0.0.253 TCP_MISS/500 4215 GET
> http://init-p01md.apple.com/bag - HIER_NONE/- text/html
> 1540824133.729    112 10.0.0.253 TCP_MISS/500 4310 GET
> http://init.ess.apple.com/WebObjects/VCInit.woa/wa/getBag? - HIER_NONE/-
> text/html
> 1540824133.729    109 10.0.0.253 TCP_MISS/500 4310 GET
> http://init.ess.apple.com/WebObjects/VCInit.woa/wa/getBag? - HIER_NONE/-
> text/html
> 1540824133.850     14 10.0.0.253 TAG_NONE/200 0 CONNECT
> 95.101.216.92:443 <http://95.101.216.92:443> - HIER_NONE/- -
> 1540824133.850     11 10.0.0.253 TAG_NONE/200 0 CONNECT
> 95.101.216.92:443 <http://95.101.216.92:443> - HIER_NONE/- -
> 1540824133.854     12 10.0.0.253 TAG_NONE/200 0 CONNECT
> 95.101.216.92:443 <http://95.101.216.92:443> - HIER_NONE/- -
> 1540824133.966    122 10.0.0.253 TCP_MISS/500 4205 GET
> http://init-p01st.push.apple.com/bag - HIER_NONE/- text/html
> 1540824133.987    164 10.0.0.253 TAG_NONE/200 0 CONNECT
> 95.101.188.60:443 <http://95.101.188.60:443> - HIER_NONE/- -
> 1540824133.987    164 10.0.0.253 TAG_NONE/200 0 CONNECT 17.137.166.4:443
> <http://17.137.166.4:443> - HIER_NONE/- -
> 1540824134.251      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 95.101.188.60:443 <http://95.101.188.60:443> - HIER_NONE/- -
> 1540824134.336      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.167.193.43:443 <http://17.167.193.43:443> - HIER_NONE/- -
> 1540824136.162     17 10.0.0.253 TAG_NONE/200 0 CONNECT 192.12.31.78:443
> <http://192.12.31.78:443> - HIER_NONE/- -
> 1540824136.299      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 157.119.235.19:443 <http://157.119.235.19:443> - HIER_NONE/- -
> 1540824150.357      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.167.192.128:443 <http://17.167.192.128:443> - HIER_NONE/- -
> 1540824159.403      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.167.192.128:443 <http://17.167.192.128:443> - HIER_NONE/- -
> 1540824769.945    601 10.0.0.253 TCP_MISS/500 4217 GET
> http://captive.apple.com/hotspot-detect.html - HIER_NONE/- text/html
> 1540824770.651    135 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- -
> 1540824770.654    136 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540824771.204    351 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824771.451     10 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.120.225.140:443 <http://17.120.225.140:443> - HIER_NONE/- -
> 1540824771.452      7 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.120.225.140:443 <http://17.120.225.140:443> - HIER_NONE/- -
> 1540824771.680    827 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/- -
> 1540824771.688    833 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- -
> 1540824771.688      1 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/- -
> 1540824771.693      6 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.64.191:443 <http://104.83.64.191:443> - HIER_NONE/- -
> 1540824771.847    159 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824771.882     30 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/- -
> 1540824771.883     30 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- -
> 1540824771.887     36 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.248.146.179:443 <http://17.248.146.179:443> - HIER_NONE/- -
> 1540824772.034     42 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.206:443 <http://216.58.223.206:443> - HIER_NONE/- -
> 1540824772.036      6 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- -
> 1540824772.042      1 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824772.078      5 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- -
> 1540824772.146     15 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824772.150      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540824772.172      5 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540824772.243     90 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- -
> 1540824772.278      5 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.248.146.179:443 <http://17.248.146.179:443> - HIER_NONE/- -
> 1540824772.296      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- -
> 1540824772.341      8 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- -
> 1540824772.719     10 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/- -
> 1540824772.722      5 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824772.787      9 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.248.146.179:443 <http://17.248.146.179:443> - HIER_NONE/- -
> 1540824772.868      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/- -
> 1540824773.239      5 10.0.0.253 TAG_NONE/200 0 CONNECT
> 216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/- -
> 1540824773.810      8 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824773.868      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.248.146.179:443 <http://17.248.146.179:443> - HIER_NONE/- -
> 1540824774.898      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824774.964      7 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.248.146.179:443 <http://17.248.146.179:443> - HIER_NONE/- -
> 1540824776.218      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540824956.204     56 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540824956.374    110 10.0.0.253 TCP_MISS/500 4205 GET
> http://init-p01st.push.apple.com/bag - HIER_NONE/- text/html
> 1540824956.966      5 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824957.034      7 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824957.043      3 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540824957.124     23 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540824957.190     13 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824957.273      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540824957.355      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824957.495      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540824957.573      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824957.642      5 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540824957.723      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824957.783      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540824967.333      5 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540824967.398      5 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824967.454      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540824970.474      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540824971.300      5 10.0.0.253 TAG_NONE/200 0 CONNECT 17.56.48.13:443
> <http://17.56.48.13:443> - HIER_NONE/- -
> 1540824971.625      9 10.0.0.253 TAG_NONE/200 0 CONNECT
> 92.122.44.112:443 <http://92.122.44.112:443> - HIER_NONE/- -
> 1540825078.056      4 10.0.0.253 TAG_NONE/200 0 CONNECT
> 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- -
> 1540825078.058     14 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540825078.224      8 10.0.0.253 TAG_NONE/200 0 CONNECT
> 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- -
> 1540825584.867    258 10.0.0.253 TCP_MISS/500 4217 GET
> http://captive.apple.com/hotspot-detect.html - HIER_NONE/- text/html
> /*
> *
> 
> please i'll provide any other information required. please i really need
> help. I noticed my last two questions weren't answered, i really need
> help. I've noticed google and facebook are reachable.
> 
> -- 
> Nebedum Uchenna
> 
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> 