[squid-users] Secure site access blocked?

From: Neil Loffhagen <[email protected]>
Date: Tue, 19 Apr 2005 08:36:16 -0000

Hi,

I am fairly new to Squid and am experiencing proxy behaviour I don't quite
understand, though there of course must be a good reason for it all
happening :) We are replacing an old NT 4 Proxy Server with SuSE
running Squid 2.5. With the NT 4 box there was no special configuration
(at least that's what I'm told by the people here). We are using a
Squid parent proxy in another site to go out to the web through. When I
put the parent Squid in, I get out to all sites fine. No restrictions at
all.
I know the question will be why don't you just use the parent all the
time? Well, it's political here, the sibling proxy is to be used for
this site!! When I go through the Squid sibling some sites are okay,
others not. I could list all the ones we can't get out through, but
that would take a long time :) An example is www.gmail.com,
www.hotmail.com, www.webmail.zen.co.uk and other sites where a user has
to do some kind of authentication? The error that appears in the
browser window is (for example):

ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: webmail.zen.co.uk:443
The following error was encountered:
    * Connection Failed
The system returned:
    (110) Connection timed out
The remote host or network may be down. Please try the request again.

All the other errors also have the web site address with the port 443 at
the end. So I'm assuming this has to do with port 443 being blocked
somehow? I've read "Squid, The Definitive Guide", but can't seem to
find what is needed to open it all up.

Also, downloads seem to time out. For example, if I go to the Firefox
page http://www.mozilla.org/products/firefox/index.html and click on the
Free Download button it eventually times out.

With Squid I've made the following changes to the squid.conf file:

http_port 80

icp_port 80

cache_peer www-cache.server.co.uk parent 80 80 default no-query no-digest

http_reply_access allow all

acl bbc_networks src 10.182.0.0/16 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 192.168.4.0/24 192.168.5.0/24 192.168.6.0/24

http_access allow bbc_networks

http_access allow localhost

The cache.log shows the following:

2005/04/18 15:13:44| Starting Squid Cache version 2.5.STABLE5 for i686-pc-linux-gnu...
2005/04/18 15:13:44| Process ID 12521
2005/04/18 15:13:44| With 1024 file descriptors available
2005/04/18 15:13:44| DNS Socket created at 0.0.0.0, port 1025, FD 5
2005/04/18 15:13:44| Adding nameserver 10.182.64.64 from /etc/resolv.conf
2005/04/18 15:13:44| User-Agent logging is disabled.
2005/04/18 15:13:44| Referer logging is disabled.
2005/04/18 15:13:44| Unlinkd pipe opened on FD 10
2005/04/18 15:13:44| Swap maxSize 102400 KB, estimated 17066 objects
2005/04/18 15:13:44| Target number of buckets: 853
2005/04/18 15:13:44| Using 8192 Store buckets
2005/04/18 15:13:44| Max Mem size: 8192 KB
2005/04/18 15:13:44| Max Swap size: 102400 KB
2005/04/18 15:13:44| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2005/04/18 15:13:44| Rebuilding storage in /var/cache/squid (CLEAN)
2005/04/18 15:13:44| Using Least Load store dir selection
2005/04/18 15:13:44| Set Current Directory to /var/cache/squid
2005/04/18 15:13:44| Loaded Icons.
2005/04/18 15:13:44| Accepting HTTP connections at 0.0.0.0, port 80, FD 11.
2005/04/18 15:13:44| Accepting ICP messages at 0.0.0.0, port 80, FD 12.
2005/04/18 15:13:44| HTCP Disabled.
2005/04/18 15:13:44| Accepting SNMP messages on port 3401, FD 13.
2005/04/18 15:13:44| WCCP Disabled.
2005/04/18 15:13:44| Ready to serve requests.
2005/04/18 15:13:44| Configuring Parent www-cache.server.co.uk/80/80
2005/04/18 15:13:44| Done scanning /var/cache/squid swaplog (0 entries)
2005/04/18 15:13:44| Finished rebuilding storage from disk.
2005/04/18 15:13:44| 0 Entries scanned
2005/04/18 15:13:44| 0 Invalid entries.
2005/04/18 15:13:44| 0 With invalid flags.
2005/04/18 15:13:44| 0 Objects loaded.
2005/04/18 15:13:44| 0 Objects expired.
2005/04/18 15:13:44| 0 Objects cancelled.
2005/04/18 15:13:44| 0 Duplicate URLs purged.
2005/04/18 15:13:44| 0 Swapfile clashes avoided.
2005/04/18 15:13:44| Took 0.3 seconds ( 0.0 objects/sec).
2005/04/18 15:13:44| Beginning Validation Procedure
2005/04/18 15:13:44| Completed Validation Procedure
2005/04/18 15:13:44| Validated 0 Entries
2005/04/18 15:13:44| store_swap_size = 0k
2005/04/18 15:13:45| storeLateRelease: released 0 objects

Any help will be much appreciated.

Thanks

Neil.
                            

Received on Tue Apr 19 2005 - 02:36:18 MDT
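
One way to check whether the failing port-443 requests in the message above are being sent straight to the origin server instead of to the configured parent, as an added example that is not part of the original post: the script reads Squid's native access.log layout and reports requests whose hierarchy code is DIRECT and which ended in a 5xx. The log lines, client addresses and secure.example.org are constructed for illustration; only the parent name and the failing hosts come from the post.

```python
import re
from collections import Counter

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1113833624.101 412 10.182.4.20 TCP_MISS/200 5120 GET http://www.bbc.co.uk/ - DEFAULT_PARENT/www-cache.server.co.uk text/html
1113833630.554 189012 10.182.4.20 TCP_MISS/503 1402 CONNECT webmail.zen.co.uk:443 - DIRECT/webmail.zen.co.uk -
1113833641.870 189020 192.168.1.7 TCP_MISS/503 1398 CONNECT www.hotmail.com:443 - DIRECT/www.hotmail.com -
1113833650.002 950 192.168.2.9 TCP_MISS/200 8812 CONNECT secure.example.org:443 - DEFAULT_PARENT/www-cache.server.co.uk -
this line is truncated and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\w+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<ctype>\S+)\s*$"
)

def parse(log_text):
    """Yield one dict per well-formed access.log line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def direct_failures(log_text, min_status=500):
    """Requests Squid sent DIRECT (not to a peer) that ended in a 5xx."""
    return [e for e in parse(log_text)
            if e["hier"] == "DIRECT" and int(e["status"]) >= min_status]

def route_summary(log_text):
    """Count (method, hierarchy code) pairs to show which traffic uses the parent."""
    return Counter((e["method"], e["hier"]) for e in parse(log_text))

if __name__ == "__main__":
    for e in direct_failures(SAMPLE_LOG):
        print(f'{e["client"]} {e["method"]} {e["url"]} -> {e["hier"]} '
              f'status={e["status"]} after {int(e["elapsed"]) / 1000:.0f}s')
    for (method, hier), n in sorted(route_summary(SAMPLE_LOG).items()):
        print(f"{method:8} {hier:16} {n}")
```

If the failing CONNECT requests show DIRECT while ordinary GETs show DEFAULT_PARENT, the squid.conf directives that decide whether such requests are forced through a peer are never_direct and nonhierarchical_direct.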
