[squid-users] SQUID problem with unavailability of Google services

Alex Rousskov rousskov at measurement-factory.com
Sun Dec 22 01:51:00 UTC 2024 

On 2024-12-21 12:26, A. Pechenin wrote:
> This week, when connecting users through a proxy server, some Google 
> services became inaccessible, such as Calendar, Translator, user profile.

Do you use any ssl_bump directives? You have mentioned a test with 
"default configuration file" below. That configuration file does not 
have any ssl_bump directives. When testing with that default 
configuration file, did you add any ssl_bump directives?

If you are not using SslBump, then suggestions regarding "splicing" do 
not apply to your environment -- your Squid is already effectively 
splicing all TLS connections. In this case, please clarify whether 
"Operation timed out" failures that you have mentioned in your second 
post are also reflected in access.log records. You have said that "all 
requests are processed correctly and no errors or prohibitions are 
observed", and I am trying to correlate that statement with those 
timeout errors...


> 2024/12/21 21:54:57 kid1| conn43356657 local=MYREALIP:53130
> remote=142.250.186.142:443 HIER_DIRECT FD 121 flags=1: 
> read/write failure: (60) Operation timed out
> current master transaction: master13542083

Do you know whether these timeout errors were present when everything 
was working correctly?

Do you always see at least one such timeout error for every case when 
"the page does not open and then a connection error is displayed"? In 
other words, is there a strong correlation between client-side problems 
and these timeout errors in cache.log?


Thank you,

Alex.


> When clicking on the services section in the browser on the Google 
> portal, the page does not open and then a connection error is displayed. 
> When directly going to the calendar section, the connection also hangs 
> for a long time without loading the page. At the same time, the Google 
> home page, mail, search work.
> 
> Transparent proxying is not used.
> Viewing the proxy server logs did not add any understanding, all 
> requests are processed correctly and no errors or prohibitions are 
> observed. There are no other problems with the unavailability of any sites.
> 
> When connecting directly (bypassing the proxy server), all Google 
> services work completely correctly.
> The platform on which the problem was suddenly discovered:
> FreeBSD 13.2-RELEASE-p9
> Squid 6.6
> 
> A new separate server was deployed for objectivity and finding the 
> cause, but the problem was also reproduced there, its platform.
> FreeBSD 13.4-RELEASE-p2
> Squid 6.10
> 
> I tried using the default configuration file (recommended minimum 
> configuration) to eliminate the problem in my working squid.conf, but 
> the problem remained
> 
> I repeat, the problem reproduced suddenly, no changes were made to the 
> proxy server configuration on our side, no problems with Google have 
> arisen for many years. What should I pay attention to in the Squid 
> configuration? Any idea
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list