Ramiro Sabastta wrote:
Hi !!!
I've installed a Squid box transparent mode (3STABLE7) with Debian. A
router send all the request to the port 80 to my squid box on 3128
port.
I've problems with google pages. Sometimes when somedy try to sail in
google the result is a http://www.google.com.ar/sorry/?.
"strip_query_terms off" in your Squid.conf will allow you to see the
text after the question mark.
This page say
something like the ip origin maybe is a malicious source, like a virus
or spyware.
I put in my squid.conf exepcions to google:
acl exepciones dstdomain "/usr/local/squid/etc/exepciones"
always_direct allow exepciones
*sigh* http://www.squid-cache.org/Versions/v3/3.0/cfgman/always_direct.html
And I quote...
Here you can use ACL elements to specify requests which should
ALWAYS be forwarded by Squid to the origin servers without using any
peers. For example, to always directly forward requests for local
servers ignoring any parents or siblings you may have use something
like...
The important bits are "by Squid" and "without using any peers". Once
the traffic has been handed to Squid (be it via specifying the proxy
explicitly in the browser, using WPAD or interception) Squid has to
handle that traffic. If you want to bypass Squid for some Internet
traffic don't send that traffic to Squid.
and the exepciones file is as follws:
.google.com
.google.com.ar
.gmail.com
but nothing changes.
Any idea?
Set your router up to pass traffic destined to Google directly to Google
(and not to Squid). Otherwise track down and eliminate the traffic that
is causing Google to view your clients with suspicion.
Is posible than a lot of requeriments with the same ip (the proxy ip)
causes this behavior?
If some of the requests being sent through the proxy are malicious, the
IP might be flagged. I'm sure Google has more information.
The squid always send his own origin IP to the web?
Unless you have gone through the trouble of setting up TPROXY, yes.
Thanks a lot !!!
Regards !!
Ramiro
Chris
