[squid-users] problem whith squid and google search engine

From: Дмитрий Шиленко <d.shylenko_at_global-it.com.ua>
Date: Mon, 09 Jun 2014 10:26:30 +0300

my mistake - I have this line commented out in the original configuration.
When I put the configuration in a letter - accidentally deleted the comment
character "#"

Amos Jeffries писал 09.06.2014 10:12:
> On 9/06/2014 6:24 p.m., Дмитрий Шиленко wrote:
>> This is my config file:
>>
>> http_port 127.0.0.1:3128
>> http_port 127.0.0.1:3129 intercept
>
> Okay, so Squid takes in:
> * forward-proxy traffic to port 3128
> * NAT intercepted port 80 traffc (via port 3129)
>
> Google does not use HTTP anymore. They use HTTPS almost exclusively.
> Which means port 443 TLS encrypted traffic or CONNECT requests over port
> 3128.
>
> But...
>
>> connect_timeout 20 second
>> dns_v4_first on
>> shutdown_lifetime 1 seconds
>> cache deny all
>> #cache_mem 256 MB
>> #maximum_object_size_in_memory 512 KB
>> coredump_dir /usr/local/squid
>> access_log daemon:/usr/local/squid/log/access.log squid
>> #strip_query_terms off
>> log_mime_hdrs on
>> #forwarded_for transparent
>> #via off
>> cache_mgr root_at_localhost
>> visible_hostname proxy.localnet.local
>>
>> acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
>> acl CONNECT method CONNECT
>> acl AdminsIP src "/usr/local/etc/squid/AccessLists/AdminsIP.txt"
>> acl RestrictedDomains dstdomain
>> "/usr/local/etc/squid/AccessLists/RestrictedDomains.txt"
>> acl MimeAudioVideo rep_mime_type audio video
>> acl UrlIP url_regex -i
>> ^http://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/.*
>>
>> http_access allow manager localhost
>> #http_access allow manager CacheManagerIP
>> http_access deny manager
>> #Значение disable all отключает управление кэшем
>> #cachemgr_passwd disable all
>>
>> http_access deny CONNECT
>
> ... you have denied all use of CONNECT. Even to transfer HTTPS.
>
> The default recommended config has "!SSL_Ports" on the end of that line
> in order to permit HTTPS traffic like google through the proxy.
>
>
> Also, check that you are NOT intercepting or bocking port 443. Your
> Squid is currently not setup to handle TLS/SSL.
>
> Amos
>
>> http_access deny to_localhost
>> http_access allow AdminsIP
>> http_access deny RestrictedDomains
>> #http_access deny UrlIP
>> http_access allow localnet
>> http_access deny all
>> #http_reply_access allow AdminsIP
>> #http_reply_access deny MimeAudioVideo
>> http_reply_access allow all
>> #refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>> refresh_pattern . 0 20% 4320
>>
>> Amos Jeffries писал 09.06.2014 04:11:
>>> On 9/06/2014 3:10 a.m., Дмитрий Шиленко wrote:
>>>> There is a very strange problem. I have freebsd 9.1 gateway configured
>>>> with ipfv ipnat and I decided to set up a squid. Installed from ports
>>>> SQUID 3.3. As soon as I run it - gugle.tsom immediately blocks my
>>>> network and try to access the search engine says that my requests are
>>>> sent automatically.Once turn off the squid - all ok. Prompt in what
>>>> could be the problem?
>>>>
>>>
>>> Something in the configuration. But you omitted those details aong with
>>> the actual error message details. So we cannot help more than that.
>>>
>>> Amos
>>
>>

-- 
  С ув. Шиленко Дмитрий
  Системный инженер
  global-it.com.ua
  моб. (063)142-32-59
  офис 221-55-72
Received on Mon Jun 09 2014 - 07:26:38 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 10 2014 - 12:00:04 MDT