[squid-users] SQUID problem with unavailability of Google services

Alex Rousskov rousskov at measurement-factory.com
Sun Dec 22 19:40:41 UTC 2024


On 2024-12-22 08:13, A. Pechenin wrote:
> The reason and solution were not simple and obvious at first glance.
> I have two providers accessing the gateway, the main and backup 
> channels, and automatic switching is configured when the connection on 
> the main channel is lost.
> To check, I switched the proxy server to the second channel and the 
> problem with partial unavailability of Google services was solved.
> 
> I returned it back, used a simple formula in the configuration file with 
> subsequent partial adjustment of ipfw.

Glad you found a solution! Diagnosing problems related to CONNECT 
tunnels is difficult because Squid (playing a role of a dumb TCP relay) 
is often unaware of problems experienced by clients and origin servers.


> # Google via ISP2
> acl google dstdomain .google.com
> tcp_outgoing_address REAL_IP_ISP2 google

Please note that the above configuration usually "works" but is 
unreliable and unsupported: tcp_outgoing_address directive does not 
support slow ACLs and your ACL named google is a slow ACL.

For a more reliable solution, consider annotating google-matching 
transaction at http_access check time and then using those annotations 
at tcp_outgoing_address check time. For a somewhat related example, look 
for "markSpecial" in squid.conf.documented or search this mailing list 
archives for annotate_transaction discussions.


HTH,

Alex.


> сб, 21 дек. 2024 г. в 20:26, A. Pechenin <alexmrrc at gmail.com>:
> 
>     This week, when connecting users through a proxy server, some Google
>     services became inaccessible, such as Calendar, Translator, user
>     profile.
> 
>     When clicking on the services section in the browser on the Google
>     portal, the page does not open and then a connection error is
>     displayed. When directly going to the calendar section, the
>     connection also hangs for a long time without loading the page. At
>     the same time, the Google home page, mail, search work.
> 
>     Transparent proxying is not used.
>     Viewing the proxy server logs did not add any understanding, all
>     requests are processed correctly and no errors or prohibitions are
>     observed. There are no other problems with the unavailability of any
>     sites.
> 
>     When connecting directly (bypassing the proxy server), all Google
>     services work completely correctly.
>     The platform on which the problem was suddenly discovered:
>     FreeBSD 13.2-RELEASE-p9
>     Squid 6.6
> 
>     A new separate server was deployed for objectivity and finding the
>     cause, but the problem was also reproduced there, its platform.
>     FreeBSD 13.4-RELEASE-p2
>     Squid 6.10
> 
>     I tried using the default configuration file (recommended minimum
>     configuration) to eliminate the problem in my working squid.conf,
>     but the problem remained
> 
>     I repeat, the problem reproduced suddenly, no changes were made to
>     the proxy server configuration on our side, no problems with Google
>     have arisen for many years. What should I pay attention to in the
>     Squid configuration? Any idea
> 
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list