Gue wrote:
I run a few Windows PCs connected to the internet via squid (on CentOS).
The setting is quite straightforward.
YM worked fine until Yahoo released ver 9.
Now it is difficult to log on (when I use the proxy, with ver 9).
Sometimes I just get kicked out in the middle of a conversation, and YM asks me to re-login.
If I try to use the older version of YM, ver 8, I can't log on for good.
(ver 9 can sometimes log on, but most of the time it is difficult)
It all works fine when I bypass the proxy.
Any idea what to put in the settings to solve the problem?
What else should I put in the squid settings to increase speed and/or security?
Thanks in advance ...
Below is the squid proxy setting:
http_port 3128
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache_mem 96 MB
maximum_object_size 20480 KB
maximum_object_size_in_memory 24 KB
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 6144 16 256
redirect_children 10
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
connect_timeout 3 minute
persistent_request_timeout 3 minute
pconn_timeout 360 seconds
ident_timeout 30 seconds
shutdown_lifetime 90 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 1080 1863 6891-6900 563 5050 5190 5222 563 6667
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !Safe_ports
http_access deny to_localhost
acl our_networks src 192.168.1.0/24
acl YIM_ports port 5000-5100
acl YIM_ports port 936
acl YIM_domains dstdomain .yahoo.com .yahoo.co.jp .yahoo.co.id .yahoo.com.sg
acl YIM_hosts dstdomain scs.msg.yahoo.com cs.yahoo.co.jp
acl YIM_methods method CONNECT
http_access allow YIM_methods YIM_ports YIM_hosts
http_access allow YIM_methods YIM_ports YIM_domains
acl notallowed src "/etc/squid/usr.notallowed"
acl av_server src "/etc/squid/symantec.av"
acl ajen src 192.168.2.10
acl ph src 192.168.1.21
acl big urlpath_regex -i \.mpg$ \.mpeg$ \.mp3$ \.avi$ \.wmv$ \.rm$
acl badwords url_regex -i "/etc/squid/badwords"
acl restrictedsites url_regex "/etc/squid/sites.restricted"
acl avsites url_regex "/etc/squid/sites.av_server"
no_cache deny QUERY YIM_ports YIM_domains YIM_hosts YIM_methods

Huh?
That simplifies down to: cache allow all.
Because: QUERY requires pieces of a URL which are not available in
YIM_methods (CONNECT) requests.
"no_cache deny" has been renamed "cache deny".
Therefore the entire rule will never match anything. So squid will drop
down to the default action in absence of other storage rules.

http_access deny big
http_access deny badwords all
http_access deny notallowed all
http_access allow ajen !restrictedsites
http_access allow our_networks !restrictedsites
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
and the access log (able to login):
1245319919.205 1229 192.168.1.21 TCP_MISS/200 188 GET http://httpvcs1.msg.yahoo.com/capacity - DIRECT/216.155.194.34 text/plain
1245319921.463 2224 192.168.1.21 TCP_MISS/200 193 GET http://httpvcs1.msg.yahoo.com/capacity - DIRECT/216.155.194.34 text/plain
1245319921.682 2431 192.168.1.21 TCP_MISS/200 192 GET http://httpvcs2.msg.yahoo.com/capacity - DIRECT/98.136.112.56 text/plain
1245319925.284 3796 192.168.1.21 TCP_MISS/200 2170 CONNECT 216.155.194.223:443 - DIRECT/216.155.194.223 -
1245319930.641 5321 192.168.1.21 TCP_MISS/200 2444 CONNECT login.yahoo.com:443 - DIRECT/66.163.169.186 -
1245319935.925 5260 192.168.1.21 TCP_MISS/200 3096 CONNECT login.yahoo.com:443 - DIRECT/66.163.169.186 -
1245319939.204 3251 192.168.1.21 TCP_MISS/200 11953 POST http://216.155.194.223/ - DIRECT/216.155.194.223 -
1245319944.924 759 192.168.1.21 TCP_DENIED/403 1382 POST http://app.sweetim.com/sweetim/dispatcher - NONE/- text/html
1245319945.657 6318 192.168.1.21 TCP_MISS/200 231 POST http://216.155.194.223/ - DIRECT/216.155.194.223 -
1245319946.061 6670 192.168.1.21 TCP_MISS/200 648 GET http://msgr.updates.yahoo.com/vitality_proxy/V1/getEvents? - DIRECT/98.137.44.106 application/xml
1245319946.292 2127 192.168.1.21 TCP_MISS/200 3779 GET http://insider.msg.yahoo.com/ycontent/? - DIRECT/209.191.120.30 text/xml
1245319951.645 12440 192.168.1.21 TCP_MISS/200 5837 POST http://216.155.194.223/ - DIRECT/216.155.194.223 -
1245319951.645 7480 192.168.1.21 TCP_MISS/200 2868 GET http://insider.msg.yahoo.com/client_ad.php? - DIRECT/68.142.231.252 text/html
1245319951.714 7549 192.168.1.21 TCP_MISS/200 19423 GET http://address.yahoo.com/yab/us? - DIRECT/209.191.93.51 text/xml
1245319952.937 6627 192.168.1.21 TCP_MISS/200 231 POST http://216.155.194.223/ - DIRECT/216.155.194.223 -
1245319953.704 7114 192.168.1.21 TCP_MISS/200 648 GET http://msgr.updates.yahoo.com/vitality_proxy/V1/getEvents? - DIRECT/98.137.44.106 application/xml
1245319956.195 3508 192.168.1.21 TCP_MISS/200 426 GET http://us.bc.yahoo.com/b? - DIRECT/203.84.204.69 image/gif
1245319956.913 12748 192.168.1.21 TCP_MISS/502 1248 POST http://216.155.194.223/ - DIRECT/216.155.194.223 text/html
1245319957.083 5438 192.168.1.21 TCP_MISS/200 231 POST http://216.155.194.223/ - DIRECT/216.155.194.223 -
1245319958.913 2589 192.168.1.21 TCP_MISS/200 231 POST http://216.155.194.223/ - DIRECT/216.155.194.223 -
1245319959.962 14 192.168.1.21 TCP_DENIED/403 1382 POST http://app.sweetim.com/sweetim/dispatcher - NONE/- text/html
Another log, when I can't log in:
1245320691.956 994 192.168.1.21 TCP_MISS/200 188 GET http://httpvcs1.msg.yahoo.com/capacity - DIRECT/216.155.194.34 text/plain
1245320695.586 3589 192.168.1.21 TCP_MISS/200 193 GET http://httpvcs1.msg.yahoo.com/capacity - DIRECT/216.155.194.34 text/plain
1245320698.425 6431 192.168.1.21 TCP_MISS/200 192 GET http://httpvcs2.msg.yahoo.com/capacity - DIRECT/98.136.112.56 text/plain
1245320701.363 4811 192.168.1.21 TCP_MISS/200 1740 CONNECT 216.155.194.144:443 - DIRECT/216.155.194.144 -
1245320706.303 4906 192.168.1.21 TCP_MISS/200 1351 CONNECT 216.155.194.144:443 - DIRECT/216.155.194.144 -
1245320710.235 3917 192.168.1.21 TCP_MISS/200 2173 CONNECT 216.155.194.144:443 - DIRECT/216.155.194.144 -
1245320714.197 3921 192.168.1.21 TCP_MISS/200 2516 CONNECT login.yahoo.com:443 - DIRECT/66.163.169.186 -
1245320717.582 3352 192.168.1.21 TCP_MISS/200 3152 CONNECT login.yahoo.com:443 - DIRECT/66.163.169.186 -
1245320721.785 4200 192.168.1.21 TCP_MISS/200 11699 POST http://216.155.194.144/ - DIRECT/216.155.194.144 -
1245320722.468 15 192.168.1.21 TCP_DENIED/403 1382 POST http://app.sweetim.com/sweetim/dispatcher - NONE/- text/html
1245320727.972 6054 192.168.1.21 TCP_MISS/200 231 POST http://216.155.194.144/ - DIRECT/216.155.194.144 -
1245320733.350 11527 192.168.1.21 TCP_MISS/200 5182 POST http://216.155.194.144/ - DIRECT/216.155.194.144 -
1245320734.245 6273 192.168.1.21 TCP_MISS/200 3779 GET http://insider.msg.yahoo.com/ycontent/? - DIRECT/68.142.231.252 text/xml
1245320734.441 12421 192.168.1.21 TCP_MISS/200 648 GET http://msgr.updates.yahoo.com/vitality_proxy/V1/getEvents? - DIRECT/66.196.106.31 application/xml
1245320739.315 5901 192.168.1.21 TCP_MISS/200 231 POST http://216.155.194.144/ - DIRECT/216.155.194.144 -
1245320739.315 5901 192.168.1.21 TCP_MISS/200 684 POST http://216.155.194.144/ - DIRECT/216.155.194.144 -
1245320739.315 11343 192.168.1.21 TCP_MISS/200 648 GET http://msgr.updates.yahoo.com/vitality_proxy/V1/getEvents? - DIRECT/66.196.106.31 application/xml
1245320739.315 11343 192.168.1.21 TCP_MISS/200 672 GET http://address.yahoo.com/yab/us? - DIRECT/209.191.93.51 text/xml
1245320739.315 11343 192.168.1.21 TCP_MISS/200 2869 GET http://insider.msg.yahoo.com/client_ad.php? - DIRECT/68.180.219.51 text/html
1245320739.315 11343 192.168.1.21 TCP_MISS/200 231 POST http://216.155.194.144/ - DIRECT/216.155.194.144 -
1245320739.440 124 192.168.1.21 TCP_DENIED/403 1382 POST http://app.sweetim.com/sweetim/dispatcher - NONE/- text/html
1245320741.805 7264 192.168.1.21 TCP_MISS/200 648 GET http://msgr.updates.yahoo.com/vitality_proxy/V1/getEvents? - DIRECT/66.196.106.31 application/xml
(logged in, then kicked out)
1245320742.490 3174 192.168.1.21 TCP_MISS/200 231 POST http://216.155.194.144/ - DIRECT/216.155.194.144 -
1245320742.960 3520 192.168.1.21 TCP_MISS/200 684 POST http://216.155.194.144/ - DIRECT/216.155.194.144 -
1245320744.007 3914 192.168.1.21 TCP_MISS/200 426 GET http://us.bc.yahoo.com/b? - DIRECT/203.84.204.124 image/gif
1245320745.023 3393 192.168.1.21 TCP_MISS/200 188 GET http://httpvcs1.msg.yahoo.com/capacity - DIRECT/216.155.194.34 text/plain

The only thing that stands out is that you have configured a number of
yahoo domains for IM access. But the 403 login failures are happening on
connections to app.sweetim.com.

Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
Current Beta Squid 3.1.0.8
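
One way to make the observation in the reply above repeatable over a whole access.log is to separate requests the proxy itself refused (TCP_DENIED) from requests it forwarded that came back with a 5xx. This is an added example, not part of the original thread; the function names are illustrative, the sample lines are taken from the logs quoted above, and Squid's native log format is assumed.

```python
from collections import Counter
from urllib.parse import urlsplit

# Sample input: five lines copied from the access logs quoted in the thread
# (Squid native format: time elapsed client result/status bytes method URL ...).
SAMPLE_LOG = """\
1245319956.913 12748 192.168.1.21 TCP_MISS/502 1248 POST http://216.155.194.223/ - DIRECT/216.155.194.223 text/html
1245320714.197 3921 192.168.1.21 TCP_MISS/200 2516 CONNECT login.yahoo.com:443 - DIRECT/66.163.169.186 -
1245320721.785 4200 192.168.1.21 TCP_MISS/200 11699 POST http://216.155.194.144/ - DIRECT/216.155.194.144 -
1245320722.468 15 192.168.1.21 TCP_DENIED/403 1382 POST http://app.sweetim.com/sweetim/dispatcher - NONE/- text/html
1245320739.440 124 192.168.1.21 TCP_DENIED/403 1382 POST http://app.sweetim.com/sweetim/dispatcher - NONE/- text/html
"""

def parse_line(line):
    """Split one native-format access.log line into the fields used here."""
    f = line.split()
    if len(f) < 10:
        return None  # truncated or non-native line: skip rather than guess
    result, _, status = f[3].partition("/")
    method, url = f[5], f[6]
    # CONNECT entries log host:port; other methods log an absolute URL.
    if method == "CONNECT":
        host = url.rsplit(":", 1)[0]
    else:
        host = urlsplit(url).hostname or url
    return {"client": f[2], "result": result, "method": method, "host": host,
            "status": int(status) if status.isdigit() else 0}

def summarize(log_text):
    """Return (denied, upstream_errors): per-host counts of each failure kind."""
    denied, upstream_errors = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["result"] == "TCP_DENIED":
            denied[rec["host"]] += 1           # refused by the proxy's http_access rules
        elif rec["status"] >= 500:
            upstream_errors[rec["host"]] += 1  # request was allowed, reply was a 5xx
    return denied, upstream_errors

if __name__ == "__main__":
    denied, upstream_errors = summarize(SAMPLE_LOG)
    print("denied by proxy:", dict(denied))
    print("5xx after forwarding:", dict(upstream_errors))
```

Hosts that appear only in the first counter are being blocked by the access rules; hosts in the second were permitted, so their failures have to be explained some other way.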