we are using squid 2.7-Stable6 and SquidGuard 1.4 I think the URLs that are causing trouble are similar to this one: https://us.bc.yahoo.com/b?P=gCsrUUWTcKCpTelyRrdJFADzGDkKtUqCE48AAiib&T=14uar0mrg%2fX%3d1250038671%2fE%3d150001456%2fR%3dregst%2fK%3d5%2fV%3d1.1%2fW%3dJ%2fY%3dYAHOO%2fF%3d3502946160%2fH%3dc2VjdXJlPXRydWUgc2VjdXJlPVwidFwi%2fS%3d1%2fJ%3d8AF18E44&Q=0&O=0.5384668989691079 Rick Chisholm wrote: > it's just redirecting to login.yahoo.com again... but with a long URL, I > will do some more digging and get you a more specific answer. > > I will also check, but I'm pretty sure we are at the latest available > squid 2.7 BSD port. I will post back more accurate details. > > Amos Jeffries wrote: >> On Mon, 10 Aug 2009 22:17:54 -0400, Rick Chisholm <rchisholm@xxxxxxxxxxxxx> >> wrote: >>> In this config - squid is using it's own dnsservers setting in >>> squid.conf in order to avoid the local resolver setting on the OS. We >>> are essentially using squid to avoid openDNS for a particular group at >>> work who need access to things we usually block. >>> >>> The Yahoo login page immediately redirects to some other, much longer >>> URL and that where Squid seems to run into trouble. Using dig to test >>> the same resolvers that Squid is using does not return an error when >>> querying for login.yahoo.com - squid also functions perfectly fine with >>> other login pages like hotmail, gmail etc. It seems to be just Yahoo. >> And the domain to which its redirecting? >> >> It may be a matter of the URL vs Squid release. Do try latest release of >> the version you are currently using, there are both DNS and URL-length >> fixes in the more current ones. >> >> Amos >> >>> Amos Jeffries wrote: >>>> On Mon, 10 Aug 2009 22:01:40 -0400, Rick Chisholm >>>> <rchisholm@xxxxxxxxxxxxx> >>>> wrote: >>>>> what's up with Squid and https://login.yahoo.com? >>>>> >>>>> Our marketing dept. at work needs access to Yahoo Analytics, but they >>>>> have to login via Yahoo! regular login. Squid complains about a DNS >>>>> resolution issue but names the link as >>>>> >>>>> http://443 >>>>> >>>>> It's quite odd. >>>> The strange link is due to some older Squid (3.x?) not generating the >>>> error >>>> page link correctly for HTTPS. >>>> >>>> The problem is still Squid being unable to perform DNS lookups or >> getting >>>> no results back for the domain. >>>> Try a newer release if you can and figure out why its not getting any >> DNS >>>> results back from the resolver. >>>> >>>> Amos >>>> > > -- Rick Chisholm sysadmin Parallel42 e. rchisholm@xxxxxxxxxxxxx m. 519-325-8630 w. www.parallel42.ca
