Re: [squid-users] Video streaming in some cases not working from Roman Gelfand on 2011-12-13 (squid-users)

From: Roman Gelfand <rgelfand2_at_gmail.com>
Date: Tue, 13 Dec 2011 21:06:13 -0500

No, squidguard doesn't seem to be the problem as when I remove
squidguard out of the picture the problem is still there.

Any ideas.

Thanks

On Tue, Dec 13, 2011 at 8:48 PM, Roman Gelfand <rgelfand2_at_gmail.com> wrote:
> Actually, I didn't see this at first, but it looks like the issue is
> with the squidguard. I realize this is not squidguard forum, but if
> you know a way to solve this I would appreciate it.
>
> 2011-12-13 20:38:22 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://rb.newsru.com//cgi-bin/banner/148?21490&login=echo_214x92&referer=http://www.echo.msk.ru/
> 2011-12-13 20:38:23 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://rb.newsru.com//cgi-bin/banner/48?795035&login=echo_214x92-1&referer=http://www.echo.msk.ru/
> 2011-12-13 20:38:27 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://234.adru.net//cgi-bin/banner/926?52490&login=echomsk234&referer=http://www.echo.msk.ru/
> 2011-12-13 20:38:27 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://234.adru.net//cgi-bin/banner/2031?215045&login=echomsk234-1&referer=http://www.echo.msk.ru/
> 2011-12-13 20:38:28 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://sj1.ru//cgi-bin/banner/492?777&login=echo&referer=http://www.echo.msk.ru/
> 2011-12-13 20:38:31 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://rb.newsru.com//cgi-bin/banner/148?21490&login=echo_214x92&referer=http://www.echo.msk.ru/blog/video/838893-echo/
> 2011-12-13 20:38:33 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://rb.newsru.com//cgi-bin/banner/48?795035&login=echo_214x92-1&referer=http://www.echo.msk.ru/blog/video/838893-echo/
> 2011-12-13 20:38:34 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://234.adru.net//cgi-bin/banner/2031?215045&login=echomsk234-1&referer=http://www.echo.msk.ru/blog/video/838893-echo/
> 2011-12-13 20:38:34 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://234.adru.net//cgi-bin/banner/2109?52490&login=echomsk234&referer=http://www.echo.msk.ru/blog/video/838893-echo/
> 2011-12-13 20:38:35 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://sj1.ru//cgi-bin/banner/460?777&login=echo&referer=http://www.echo.msk.ru/blog/video/838893-echo/
> 2011-12-13 20:39:14 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://rb.newsru.com//cgi-bin/banner/148?21490&login=echo_214x92&referer=http://www.echo.msk.ru/blog/video/838893-echo/
> 2011-12-13 20:39:23 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://rb.newsru.com//cgi-bin/banner/148?21490&login=echo_214x92&referer=http://www.echo.msk.ru/blog/video/838893-echo/
> 2011-12-13 20:39:35 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://234.adru.net//cgi-bin/banner/510?52490&login=echomsk234&referer=http://www.echo.msk.ru/blog/video/838893-echo/
> 2011-12-13 20:39:35 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://sj1.ru//cgi-bin/banner/492?777&login=echo&referer=http://www.echo.msk.ru/blog/video/838893-echo/
> 2011-12-13 20:39:36 [3699] WARN: Possible bypass attempt. Found
> multiple slashes where only one is expected:
> http://234.adru.net//cgi-bin/banner/2031?215045&login=echomsk234-1&referer=http://www.echo.msk.ru/blog/video/838893-echo/
>
>
>
>
>
>
> On Tue, Dec 13, 2011 at 6:21 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> On Tue, 13 Dec 2011 16:49:02 -0500, Roman Gelfand wrote:
>>>
>>> Video streaming on this site
>>> http://www.echo.msk.ru/blog/video/838893-echo/ not working. I am not
>>> sure if it has anything to do with it, but I am using ssl bump.
>>>
>>> The squid version is 3.1.16. Squidclamav version is 6.4. c-icap
>>> version is 0.1.7
>>>
>>> 1323811211.100 369 192.168.3.210 TCP_MISS/304 286 GET
>>> http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl -
>>> DIRECT/96.17.10.72 application/pkix-crl
>>> 1323811211.210 102 192.168.3.210 TCP_MISS/304 285 GET
>>> http://crl.microsoft.com/pki/crl/products/CSPCA.crl -
>>> DIRECT/96.17.10.72 application/pkix-crl
>>> 1323811211.334 116 192.168.3.210 TCP_MISS/304 286 GET
>>> http://crl.microsoft.com/pki/crl/products/CodeSigPCA.crl -
>>> DIRECT/96.17.10.72 application/pkix-crl
>>> 1323811211.757 415 192.168.3.210 TCP_MISS/304 235 GET
>>>
>>>
>>> http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20Secure%20Server%20Authority(8).crl
>>> - DIRECT/70.37.128.164 application/pkix-crl
>>> 1323811211.820 55 192.168.3.210 TCP_MISS/304 235 GET
>>> http://mscrl.microsoft.com/pki/mscorp/crl/mswww(5).crl -
>>> DIRECT/70.37.128.164 application/pkix-crl
>>> 1323811321.159 988 192.168.3.210 TCP_MISS/200 2567 GET
>>> http://img2.imgsmail.ru/r/my/app/flash_lc.swf - DIRECT/94.100.187.36
>>> application/x-shockwave-flash
>>
>>
>> Notice how the log contains *no* HTTP errors of any kind. In fact how
>> "echo.msk.ru" does not occur in it at all.
>>
>> Do you have any more details about the problem?
>>
>> Amos
Received on Wed Dec 14 2011 - 02:06:22 MST

This archive was generated by hypermail 2.2.0 : Thu Dec 15 2011 - 12:00:03 MST