Search squid archive

unable to connect to ssl site: google+

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dear list

Today I ran into a problem, which I am unable to solve myself. Almost
all ssl sites work well. For instance I can browse to
https://banking.postbank.de or https://epetitionen.bundestag.de/
without problems. However I am unable to connect to google+
https://plus.google.com, getting: "The connection has timed out".

While browsing to i.e https://epetitionen.bundestag.de/ I get in my access_log:
1325006076.306      0 192.168.2.104 TCP_DENIED/407 1733 CONNECT
epetitionen.bundestag.de:443 - NONE/- text/html
1325006076.311      0 192.168.2.104 TCP_DENIED/407 1903 CONNECT
epetitionen.bundestag.de:443 - NONE/- text/html
1325006076.633      0 192.168.2.104 TCP_DENIED/407 1709 CONNECT
sdc.bundestag.de:443 - NONE/- text/html
1325006076.699      2 192.168.2.104 TCP_DENIED/407 1879 CONNECT
sdc.bundestag.de:443 - NONE/- text/html
1325006076.817    112 192.168.2.104 TCP_MISS/200 1446 CONNECT
sdc.bundestag.de:443 schueler2 DIRECT/217.79.215.173 -

While browsing https://plus.google.com I get:
1325006240.062     52 192.168.2.104 TCP_DENIED/407 1706 CONNECT
plus.google.com:443 - NONE/- text/html
1325006240.066      1 192.168.2.104 TCP_DENIED/407 1876 CONNECT
plus.google.com:443 - NONE/- text/html
1325006240.119     49 192.168.2.104 TCP_MISS/404 0 CONNECT
plus.google.com:443 schueler2 DIRECT/- -

I am running Squid Version 2.7 on an ubuntu 10.04 LTS machine. User
authentication is done via NTLM against an AD, using the
wbinfo_group.pl script. I have attached my squid.conf to this mail.

My first questions is if course: Whats the reason for the google+
request failing?
My second question is why I see three log file entries for each ssl
request. Two unauthenticated ones and the third one authenticated?

Thanks for all your efforts.

B. Brandt

###				              ###
#	Basic update_domains definitions	#
###				              ###

acl update_domains dstdomain "/etc/squid/config/update_domains" 
acl update_ips dstdomain "/etc/squid/config/update_ips"

acl CONNECT method CONNECT

acl localnet src 0.0.0.0/0
acl localhost src 127.0.0.1/32

http_access allow CONNECT update_domains localnet
http_access allow CONNECT update_domains localhost
http_access allow CONNECT update_ips localnet 
http_access allow CONNECT update_ips localhost
http_reply_access allow CONNECT update_domains localnet
http_reply_access allow CONNECT update_domains localhost
http_reply_access allow CONNECT update_ips localnet 
http_reply_access allow CONNECT update_ips localhost
http_access allow update_domains localnet
http_access allow update_domains localhost
http_access allow update_ips localnet
http_access allow update_ips localhost
http_reply_access allow update_domains localnet
http_reply_access allow update_domains localhost
http_reply_access allow update_ips localnet 
http_reply_access allow update_ips localhost

###                                   ###
#	Basic configuration directives		#
###				                      ###

# Authentication helpers
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 25
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

external_acl_type winbind_group_helper %LOGIN /usr/lib/squid/wbinfo_group.pl

acl all src all

### Basic stuff
acl manager proto cache_object
log_access deny manager

icp_access allow localnet
icp_access deny all
http_port 8080
hierarchy_stoplist cgi-bin ?
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
cache_mem 256 MB 
#cache_dir ufs /var/spool/squid 100 16 256

cache_store_log none 
access_log /var/log/squid/access.log squid
logfile_rotate 2
error_directory /usr/share/squid/errors/German

url_rewrite_children 5 startup=2 idle=1
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
url_rewrite_access allow all

refresh_pattern -i \.jpeg$ 5 50% 4320
refresh_pattern -i \.jpg$ 5 50% 4320
refresh_pattern -i \.png$ 5 50% 4320 
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache  
broken_vary_encoding allow apache

coredump_dir /var/cache/squid

###			      ###
#	Port Definitions	#
###			      ###


acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http

###				      ###
#	User Rights Definitions 	#
###				      ###

http_access allow manager localhost
http_access deny manager all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
http_reply_access allow manager localhost
http_reply_access allow all
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux