[squid-users] no response from the proxy squid parent
yannick.rousseau at tutanota.com
yannick.rousseau at tutanota.com
Sat Jun 27 02:24:04 UTC 2020
Hi,
Here's one more clue (thank's wireshark):
-> When I try to surf on the Net with client's firefox configued (manual proxy configuration) with the ip and port of the parent proxy, it's ok :
58 5.940721294 172.16.103.101 172.16.103.254 HTTP 255 CONNECT www.google.com:443 <http://www.google.com:443> HTTP/1.1
62 6.046854511 172.16.103.254 172.16.103.101 HTTP 75 HTTP/1.1 200 Connection established
-> When I configure firefox to use system proxy settings , it doesn't work:
35 4.798844976 172.16.103.101 172.16.103.254 HTTP 265 GET http://172.16.103.254:3128/squid-internal-dynamic/netdb HTTP/1.1
47 4.800699191 172.16.103.254 172.16.103.101 HTTP 890 HTTP/1.1 403 Forbidden (text/html)
I think I'm going to disable netdb by adding no-netdb-exchange in my conf.
And by the way, what's the difference between CONNECT and GET ?
Yannick
--
Envoi sécurisé avec Tutanota. Obtenez votre propre adresse email chiffrée :
https://tutanota.com
26 juin 2020 à 07:11 de squid3 at treenet.co.nz:
> On 24/06/20 7:27 am, yannick.rousseau at tutanota.com wrote:
>
>> Hi,
>>
>> I'm using squid (4.6) on my server (debianedu buster LTSP), and I'm
>> trying to configure a parent proxy.
>>
>> At first, when I configure the client's firefox (manual proxy
>> configuration) with the ip and port of the parent proxy, it's ok, I can
>> surf on the internet.
>>
>> But I would like to configure my server's Squid Proxy to forward to a
>> parent proxy (172.16.103.254:3128)
>> -> So I add these two lines at the end of squid.conf:
>> cache_peer 172.16.103.254 parent 3128 0 no-query no-digest
>> never_direct allow all
>>
>> -> And restart squid. It seems to be ok:
>> # cat /var/log/squid/cache.log
>> (.....)
>> 2020/06/23 09:51:12 kid1| Configuring Parent 172.16.103.254/3128/0
>> (....)
>>
>> -> Then I configure firefox to use system proxy settings, but when I try
>> to google something or visit debian-fr.org, it doesn't work (no reponse
>> from the proxy).
>>
>
> That is odd. The log shows a 403 response being delivered by the parent
> proxy and delivered to Firefox.
>
> Browsers refuse to display proxy responses on CONNECT requests. So the
> first is expected. But the second one using http:// should be shown.
>
>
>> But my squid's configuration seems to be ok:
>> # cat /var/log/squid/access.log
>> (....)
>> 1592921221.753 138 10.0.2.2 TCP_TUNNEL/403 361
>> CONNECT www.google.com:443 <http://www.google.com:443/> -
>> FIRSTUP_PARENT/172.16.103.254 -
>> 1592921275.641 521 10.0.2.2 TCP_MISS/403 4289
>> GET http://www.debian-fr.org/ - FIRSTUP_PARENT/172.16.103.254 text/html
>> 1592921275.692 0 10.0.2.2 TCP_HIT/200 13072 GET
>> (...)
>>
>> Is it possible that the squid parent refuse to have "a child" ?
>>
>
> Maybe. You will need to know the parent proxy configuration to tell
> that. All that is visible from the detail you have shown is that parent
> proxy has forbidden the requests it is receiving.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200627/1ddabb15/attachment.html>
More information about the squid-users
mailing list