[squid-users] SQUID problem with unavailability of Google services
Jonathan Lee
jonathanlee571 at gmail.com
Sun Dec 22 19:52:37 UTC 2024
Great Job sorry I assumed this was related to ssl bump issues.
Sent from my iPhone
> On Dec 22, 2024, at 11:47, Alex Rousskov <rousskov at measurement-factory.com> wrote:
>
> On 2024-12-22 08:13, A. Pechenin wrote:
>> The reason and solution were not simple and obvious at first glance.
>> I have two providers accessing the gateway, the main and backup channels, and automatic switching is configured when the connection on the main channel is lost.
>> To check, I switched the proxy server to the second channel and the problem with partial unavailability of Google services was solved.
>> I returned it back, used a simple formula in the configuration file with subsequent partial adjustment of ipfw.
>
> Glad you found a solution! Diagnosing problems related to CONNECT tunnels is difficult because Squid (playing a role of a dumb TCP relay) is often unaware of problems experienced by clients and origin servers.
>
>
>> # Google via ISP2
>> acl google dstdomain .google.com
>> tcp_outgoing_address REAL_IP_ISP2 google
>
> Please note that the above configuration usually "works" but is unreliable and unsupported: tcp_outgoing_address directive does not support slow ACLs and your ACL named google is a slow ACL.
>
> For a more reliable solution, consider annotating google-matching transaction at http_access check time and then using those annotations at tcp_outgoing_address check time. For a somewhat related example, look for "markSpecial" in squid.conf.documented or search this mailing list archives for annotate_transaction discussions.
>
>
> HTH,
>
> Alex.
>
>
>> сб, 21 дек. 2024 г. в 20:26, A. Pechenin <alexmrrc at gmail.com>:
>> This week, when connecting users through a proxy server, some Google
>> services became inaccessible, such as Calendar, Translator, user
>> profile.
>> When clicking on the services section in the browser on the Google
>> portal, the page does not open and then a connection error is
>> displayed. When directly going to the calendar section, the
>> connection also hangs for a long time without loading the page. At
>> the same time, the Google home page, mail, search work.
>> Transparent proxying is not used.
>> Viewing the proxy server logs did not add any understanding, all
>> requests are processed correctly and no errors or prohibitions are
>> observed. There are no other problems with the unavailability of any
>> sites.
>> When connecting directly (bypassing the proxy server), all Google
>> services work completely correctly.
>> The platform on which the problem was suddenly discovered:
>> FreeBSD 13.2-RELEASE-p9
>> Squid 6.6
>> A new separate server was deployed for objectivity and finding the
>> cause, but the problem was also reproduced there, its platform.
>> FreeBSD 13.4-RELEASE-p2
>> Squid 6.10
>> I tried using the default configuration file (recommended minimum
>> configuration) to eliminate the problem in my working squid.conf,
>> but the problem remained
>> I repeat, the problem reproduced suddenly, no changes were made to
>> the proxy server configuration on our side, no problems with Google
>> have arisen for many years. What should I pay attention to in the
>> Squid configuration? Any idea
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> https://lists.squid-cache.org/listinfo/squid-users
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list