[squid-users] SQUID problem with unavailability of Google services
A. Pechenin
alexmrrc at gmail.com
Sun Dec 22 06:45:02 UTC 2024
But I don't use sslbump in the proxy server configuration. In general, I
do not understand the procedure for further actions to resolve the problem.
вс, 22 дек. 2024 г. в 00:01, Jonathan Lee <jonathanlee571 at gmail.com>:
> You apply it as a custom setting in Squid. I would seek out what header
> request is failing and start from there to fix your issue.
>
> Good luck.
>
>
> On Dec 21, 2024, at 12:18, A. Pechenin <alexmrrc at gmail.com> wrote:
>
> OK, but how can ACL data be applied in practice to solve the problem I
> described?
>
> сб, 21 дек. 2024 г. в 22:57, Jonathan Lee <jonathanlee571 at gmail.com>:
>
>> You can use the following
>>
>> acl NoSSLIntercept ssl::server_name_regex -i
>> "/usr/local/pkg/reg.url.nobump"
>> acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump"
>>
>> I created a regex based no bump file and or use a dns based no bump file
>> to mark splice only sites.
>>
>> Example of what is in reg.url.nobump file
>>
>> ^((alt[0-9]-mtalk\.)|(mtalk\.)|(mtalk-(staging|dev)\.))google\.com
>> ^((gvt)([0-9]))\.com
>> ^(((clients)[0-9])|accounts)\.google\.(com|us)
>> ^(pki|(crl|ocsp)\.pki)\.google\.com
>> (outlook\.)(office365|office)\.com
>> infinity-c[0-9][0-9]\.youboranqs[0-9][0-9]\.com
>> hulu\.com
>> nflxvideo\.net
>>
>>
>> Or example of what could be in dns.nobump
>> .play.google.com
>> .android.com
>> .google-analytics.com
>> .googleusercontent.com
>> .ggpht.com
>> .dl.google.com
>> .dl-ssl.google.com
>> .android.clients.google.com
>> .omahaproxy.appspot.com
>> .payments.google.com
>> .googleapis.com
>> .notifications.google.com
>> .ogs.google.com
>> .googleapis.com
>>
>> Make sure you follow the enterprise policy for Google Android based
>> products.
>>
>> Some sites simply can not and or should not be bumped and you only should
>> look at the get header.
>>
>> ------------------------------
>> *From:* A. Pechenin <alexmrrc at gmail.com>
>> *Sent:* Saturday, December 21, 2024 11:46
>> *To:* Jonathan Lee <jonathanlee571 at gmail.com>
>> *Cc:* squid-users at lists.squid-cache.org <
>> squid-users at lists.squid-cache.org>
>> *Subject:* Re: [squid-users] SQUID problem with unavailability of Google
>> services
>>
>> I apologize for the formatting of the text of the letter?
>>
>> I will be incorrect if I do not say that there are entries in the
>> cache.log, although the IP does not resolve directly to google subdomains,
>> but according to whois, this is the Google LLC farm.
>>
>> 2024/12/21 21:54:57 kid1| conn43356657 local=MYREALIP:53130 remote=
>> 142.250.186.142:443 HIER_DIRECT FD 121 flags=1: read/write failure: (60)
>> Operation timed out
>> current master transaction: master13542083
>> 2024/12/21 21:58:29 kid1| conn43398624 local=MYREALIP:58390 remote=
>> 142.250.185.238:443 HIER_DIRECT FD 96 flags=1: read/write failure: (60)
>> Operation timed out
>> current master transaction: master13553287
>> 2024/12/21 21:58:30 kid1| conn43398801 local=MYREALIP:58419 remote=
>> 172.217.16.206:443 HIER_DIRECT FD 898 flags=1: read/write failure: (60)
>> Operation timed out
>>
>>
>> сб, 21 дек. 2024 г. в 20:43, Jonathan Lee <jonathanlee571 at gmail.com>:
>>
>> Have you created a splice only file with lists of items that must be
>> spliced at all times, Google mail ethically should be spliced just as an
>> example. Some know sites must be spliced.
>> Sent from my iPhone
>>
>> > On Dec 21, 2024, at 09:32, A. Pechenin <alexmrrc at gmail.com> wrote:
>> >
>> >
>> > This week, when connecting users through a proxy server, some Google
>> services became inaccessible, such as Calendar, Translator, user profile.
>> >
>> > When clicking on the services section in the browser on the Google
>> portal, the page does not open and then a connection error is displayed.
>> When directly going to the calendar section, the connection also hangs for
>> a long time without loading the page. At the same time, the Google home
>> page, mail, search work.
>> >
>> > Transparent proxying is not used.
>> > Viewing the proxy server logs did not add any understanding, all
>> requests are processed correctly and no errors or prohibitions are
>> observed. There are no other problems with the unavailability of any sites.
>> >
>> > When connecting directly (bypassing the proxy server), all Google
>> services work completely correctly.
>> > The platform on which the problem was suddenly discovered:
>> > FreeBSD 13.2-RELEASE-p9
>> > Squid 6.6
>> >
>> > A new separate server was deployed for objectivity and finding the
>> cause, but the problem was also reproduced there, its platform.
>> > FreeBSD 13.4-RELEASE-p2
>> > Squid 6.10
>> >
>> > I tried using the default configuration file (recommended minimum
>> configuration) to eliminate the problem in my working squid.conf, but the
>> problem remained
>> >
>> > I repeat, the problem reproduced suddenly, no changes were made to the
>> proxy server configuration on our side, no problems with Google have arisen
>> for many years. What should I pay attention to in the Squid configuration?
>> Any idea
>> > _______________________________________________
>> > squid-users mailing list
>> > squid-users at lists.squid-cache.org
>> > https://lists.squid-cache.org/listinfo/squid-users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20241222/d0d4765c/attachment-0001.htm>
More information about the squid-users
mailing list