Yes, there are. But are the same rules and same NAT address used when I bypass the proxy. In other words, the rules are same for both kind of access. -----Original Message----- From: Bill Jacqmein [mailto:wrjacqmein@xxxxxxxxx] Sent: Wednesday, April 19, 2006 6:31 PM To: Rodrigo Barros Cc: Mark Elsen; squid-users@xxxxxxxxxxxxxxx Subject: Re: HTTPS Web SITE TIMEOUT Any firewall rules in place upstream from the squid proxy? On 4/19/06, Rodrigo Barros <rbarros@xxxxxxxxxxxxxx> wrote: > The web site is www.equifax.com.br , but the problem only happens > after I authenticate in the site and try to access an specific url > (https://novoequifaxpessoal.equifax.com.br/PessoalPlusWeb/login.jsp). > > The result is always the same: > > novoequifaxpessoal.equifax.com.br:443 > > (60) Connection timed out</ > > Here's what is shown in the access.log file: > > 1145466458.378 445 XX.XXX.XX.XX TCP_DENIED/407 1901 CONNECT > novoequifaxpessoal.equifax.com.br:443 - NONE/- text/html > 1145466459.524 591 XX.XXX.XX.XX TCP_DENIED/407 2089 CONNECT > novoequifaxpessoal.equifax.com.br:443 - NONE/- text/html > 1145466465.724 6200 XX.XXX.XX.XX TCP_MISS/200 4441 CONNECT > novoequifaxpessoal.equifax.com.br:443 XXX\barrosr > DIRECT/200.142.202.182 > - > 1145466465.770 2 XX.XXX.XX.XX TCP_DENIED/407 1901 CONNECT > novoequifaxpessoal.equifax.com.br:443 - NONE/- text/html > 1145466465.783 9 XX.XXX.XX.XX TCP_DENIED/407 2089 CONNECT > novoequifaxpessoal.equifax.com.br:443 - NONE/- text/html > 1145466465.999 215 XX.XXX.XX.XX TCP_MISS/200 3576 CONNECT > novoequifaxpessoal.equifax.com.br:443 XXX\barrosr > DIRECT/200.142.202.182 > - > 1145466466.078 19 XX.XXX.XX.XX TCP_DENIED/407 1901 CONNECT > novoequifaxpessoal.equifax.com.br:443 - NONE/- text/html > 1145466466.109 22 XX.XXX.XX.XX TCP_DENIED/407 2089 CONNECT > novoequifaxpessoal.equifax.com.br:443 - NONE/- text/html > 1145466466.316 202 XX.XXX.XX.XX TCP_MISS/200 3587 CONNECT > novoequifaxpessoal.equifax.com.br:443 XXX\barrosr > DIRECT/200.142.202.182 > - > 1145466466.323 2 XX.XXX.XX.XX TCP_DENIED/407 1901 CONNECT > novoequifaxpessoal.equifax.com.br:443 - NONE/- text/html > 1145466466.334 7 XX.XXX.XX.XX TCP_DENIED/407 2089 CONNECT > novoequifaxpessoal.equifax.com.br:443 - NONE/- text/html > 1145466526.011 59676 XX.XXX.XX.XX TCP_MISS/503 0 CONNECT > novoequifaxpessoal.equifax.com.br:443 XXX\barrosr > DIRECT/200.142.202.182 > - > > After the last TCP_MISS/503 I got the (60) timeout message. > > Here's what it's shown in cache.log: > > [2006/04/19 14:06:04, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606) > Got user=[barrosr] domain=[XXX] workstation=[XXX] len1=24 len2=24 > [2006/04/19 14:06:04, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) > NTLMSSP Sign/Seal - Initialising with flags: > [2006/04/19 14:06:04, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x20088215 > > > Is there anythign else I can provide ? > > Thanks, > > Rodrigo > > > -----Original Message----- > From: Mark Elsen [mailto:mark.elsen@xxxxxxxxx] > Sent: Wednesday, April 19, 2006 1:32 AM > To: Rodrigo Barros > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: Re: HTTPS Web SITE TIMEOUT > > > Hi All, > > > > I've been searching google for a while and couldn't find a solution > > for my problem, so if this has already been posted here sorry. > > > > I'm running Squid 2.5.10 with ntlm authentication, and I have this > > ssl > > > web site that does not connect. The only error message I get is (60) > > Connection timed out . > > > > If I bypass the proxy and go straight to the web site, I can > > succesfully access the resource. Any ideas? > > > > - What's the URL of the site ? > - access.log entry when this is tried ? > > - Anything further in cache.log ? > > M. > > >
