[squid-users] TCP_MISS/502 - audio stream - none default http ports
L.P.H. van Belle
belle at bazuin.nl
Tue Sep 18 13:02:35 UTC 2018
Hai,
You missed a few points in your config.
And thank you for the music link, something different than the radio here. ;-)
I've installed a Debian stretch server.
This is the debian default config with 2 modifications.
## Squid 3.5.23
## First enable the acl for YOUR localnet (here I enable all 5)
: acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
: acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
: acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
: acl localnet src fc00::/7 # RFC 4193 local private network range
: acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
: acl SSL_ports port 443
## PS: in your config you missed adding the extra SSL_ports to Safe_ports as well.
: acl Safe_ports port 80 # http
: acl Safe_ports port 21 # ftp
: acl Safe_ports port 443 # https
: acl Safe_ports port 70 # gopher
: acl Safe_ports port 210 # wais
: acl Safe_ports port 1025-65535 # unregistered ports
: acl Safe_ports port 280 # http-mgmt
: acl Safe_ports port 488 # gss-http
: acl Safe_ports port 591 # filemaker
: acl Safe_ports port 777 # multiling http
: acl CONNECT method CONNECT
: http_access deny !Safe_ports
: http_access deny CONNECT !SSL_ports
: http_access allow localhost manager
: http_access deny manager
: http_access allow localnet
## And here you missed the "allow localnet"
: http_access allow localhost
: http_access deny all
: http_port 3128
: coredump_dir /var/spool/squid
: refresh_pattern ^ftp: 1440 20% 10080
: refresh_pattern ^gopher: 1440 0% 1440
: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
: refresh_pattern . 0 20% 4320
As extra test.
I've installed squid 4.2 rebuilt from debian sid.
This is the exact config used, the used script is below the email.
I made 2 modifications.
Configuration File: /etc/squid/conf.d/debian.conf (depth 1) : enabled localnet
Configuration File: /etc/squid/conf.d/headers.conf (depth 1): added your headers.
: acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
: acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
: acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
: acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
: acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
: acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
: acl localnet src fc00::/7 # RFC 4193 local private network range
: acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
: acl SSL_ports port 443
: acl Safe_ports port 80 # http
: acl Safe_ports port 21 # ftp
: acl Safe_ports port 443 # https
: acl Safe_ports port 70 # gopher
: acl Safe_ports port 210 # wais
: acl Safe_ports port 1025-65535 # unregistered ports
: acl Safe_ports port 280 # http-mgmt
: acl Safe_ports port 488 # gss-http
: acl Safe_ports port 591 # filemaker
: acl Safe_ports port 777 # multiling http
: acl CONNECT method CONNECT
: http_access deny !Safe_ports
: http_access deny CONNECT !SSL_ports
: http_access allow localhost manager
: http_access deny manager
: include /etc/squid/conf.d/*
Configuration File: /etc/squid/conf.d/debian.conf (depth 1)
: logfile_rotate 0
: http_access allow localnet
Configuration File: /etc/squid/conf.d/headers.conf (depth 1)
: request_header_access From deny all
: request_header_access Referer deny all
: request_header_access Server deny all
: request_header_access WWW-Authenticate deny all
: request_header_access Link deny all
: forwarded_for delete
: http_access allow localhost
: http_access deny all
: http_port 3128
: coredump_dir /var/spool/squid
: refresh_pattern ^ftp: 1440 20% 10080
: refresh_pattern ^gopher: 1440 0% 1440
: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
: refresh_pattern . 0 20% 4320
If you want the 4.2 for stretch, you can find it here :
https://downloads.van-belle.nl/squid/squid4.2/
Buildlogs are all included, or rebuild it yourself from sid/testing.
It's a pretty easy rebuild imo.
Greetz,
Louis
> -----Original message-----
> From: squid-users
> [mailto:squid-users-bounces at lists.squid-cache.org] On behalf of
> Dörfler, Andreas
> Sent: Tuesday 18 September 2018 14:07
> To: squid-users at lists.squid-cache.org
> Subject: [squid-users] TCP_MISS/502 - audio stream - none
> default http ports
>
> hello there,
>
> i try to get mp3/audio streams working on a "kinda default" debian
> stretch installation.
>
> after i failed with the default debian squid configuration, i
> tried the
> working config from the old proxy (Squid Cache: Version 3.1.20),
> but no luck either.
>
> audio streams work when it's a web-based radio on port
> 80/443, but once
> the radio leaves the default ports, it stops working.
>
> since the new squid is 4 minor releases above the old server, i think
> something major changed, but i have no clue, i touch the squid
> configuration only once every few years...
>
>
> ###>
> Squid Cache: Version 3.5.23
> <###
>
> config below is the one i copied from the old squid server,
> but as said,
> it won't work. security is handled by the firewall, so "allow
> all" isn't
> an issue.
>
> ###>config
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32 ::1
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
> acl SSL_ports port 443 9418 5001
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow all
> http_port 8080
> access_log /var/log/squid/access.log squid
> debug_options ALL,1
> coredump_dir /var/spool/squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> request_header_access From deny all
> request_header_access Referer deny all
> request_header_access Server deny all
> request_header_access WWW-Authenticate deny all
> request_header_access Link deny all
> forwarded_for delete
>
> <###
>
>
> ###>example stream
> https://tunein.com/radio/Americana-Breakdown-s281469/
> <###
>
> ###squid access.log errors
>
> 172.16.x.x TCP_MISS/502 4307 GET http://91.121.164.210:8104/ -
> HIER_DIRECT/91.121.164.210 text/html
>
> 172.16.x.x TCP_MISS/502 4312 GET http://91.121.164.210:8104/; -
> HIER_DIRECT/91.121.164.210 text/html
> <###
>
> any ideas?
>
> thanks in advance,
> andy
>
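To see which http_access line decides a given request under the Squid 3.5.23 rule set quoted in the reply, the following added example (not part of the original e-mail and not Squid code) models Squid's first-match evaluation in Python. Only src, port and method ACLs are modelled, the manager rules are left out, and the client addresses used with it are constructed.

```python
import ipaddress

# ACL definitions copied from the Squid 3.5.23 config in the reply above.
# The "manager" rules are omitted: they only match cache-manager requests.
SRC_ACLS = {
    "localhost": ["127.0.0.1/32", "::1/128"],
    "localnet": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "fc00::/7", "fe80::/10"],
}
PORT_ACLS = {
    "SSL_ports": [(443, 443)],
    "Safe_ports": [(80, 80), (21, 21), (443, 443), (70, 70), (210, 210),
                   (1025, 65535), (280, 280), (488, 488), (591, 591),
                   (777, 777)],
}
# http_access lines in file order; "!" negates an ACL, ACLs on one line are ANDed.
RULES = [
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["localnet"]),
    ("allow", ["localhost"]),
    ("deny", ["all"]),
]

def acl_matches(name, client, method, port):
    """Evaluate one named ACL (without negation) against a request."""
    if name == "all":
        return True
    if name == "CONNECT":
        return method == "CONNECT"
    if name in PORT_ACLS:
        return any(lo <= port <= hi for lo, hi in PORT_ACLS[name])
    addr = ipaddress.ip_address(client)
    nets = (ipaddress.ip_network(n) for n in SRC_ACLS[name])
    return any(addr.version == net.version and addr in net for net in nets)

def http_access(client, method, port, rules=RULES):
    """Return (action, rule_text) for the first http_access line that matches."""
    for action, acls in rules:
        if all(acl_matches(a.lstrip("!"), client, method, port) != a.startswith("!")
               for a in acls):
            return action, "http_access %s %s" % (action, " ".join(acls))
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), "(no rule matched)"
```

For example, `http_access("172.16.0.5", "GET", 8104)` reports which line admits a plain GET to the stream port from a localnet client, and passing a rule list without the `localnet` line shows the same request falling through to `deny all`.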