Hi all. I've search in the internet and i've done some experiences with some solutions i found on the internet, but still no luck. In some https sites i'm getting TCP_MISS/503 0 CONNECT and the page is not displayed. It has to be something to do with squid, because if i don't use a proxy server (my machine is allowed to connect directly to the internet - so is the proxy server) i don't get any errors and the sites are displayed correctly. the funny thing is, if i refresh the page, most of the times, it works.. But never the first time... Sometimes i get this error in the browser (chromium): Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error. In squid access.log, this is the error: 1340974582.878 4 192.168.98.3 TCP_MISS/503 0 CONNECT plus.google.com:443 - DIRECT/- - 1340974586.898 2 192.168.98.3 TCP_MISS/503 0 CONNECT ssl.gstatic.com:443 - DIRECT/- - 1340974586.898 2 192.168.98.3 TCP_MISS/503 0 CONNECT lh6.googleusercontent.com:443 - DIRECT/- - 1340974587.579 3 192.168.98.3 TCP_MISS/503 0 CONNECT images3-focus-opensocial.googleusercontent.com:443 - DIRECT/- - 1340974587.596 17 192.168.98.3 TCP_MISS/503 0 CONNECT lh3.googleusercontent.com:443 - DIRECT/- - 1340974587.596 17 192.168.98.3 TCP_MISS/503 0 CONNECT s2.googleusercontent.com:443 - DIRECT/- - 1340974587.598 5 192.168.98.3 TCP_MISS/503 0 CONNECT images1-focus-opensocial.googleusercontent.com:443 - DIRECT/- - 1340974587.598 20 192.168.98.3 TCP_MISS/503 0 CONNECT images1-focus-opensocial.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- - 1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- - 1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- - 1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- - 1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- - 1340974587.603 6 192.168.98.3 TCP_MISS/503 0 CONNECT images2-focus-opensocial.googleusercontent.com:443 - DIRECT/- - 1340974587.603 9 192.168.98.3 TCP_MISS/503 0 CONNECT images2-focus-opensocial.googleusercontent.com:443 - DIRECT/- - 1340974588.573 10 192.168.98.3 TCP_MISS/503 0 CONNECT apis.google.com:443 - DIRECT/- - 1340974588.644 81 192.168.98.3 TCP_MISS/503 0 CONNECT talkgadget.google.com:443 - DIRECT/- - 1340974588.644 84 192.168.98.3 TCP_MISS/503 0 CONNECT talkgadget.google.com:443 - DIRECT/- - (after refresh the page) 1340974588.698 522 192.168.99.16 TCP_MISS/200 18114 CONNECT plus.google.com:443 - DIRECT/173.194.34.230 - I'm using Squid with dansguardian for content filtering. The clients connect to 8080 port (dansguardian) . Squid and dansguardian connect with port 3128. Here is my squid configuration: ------------------------------------------------------- http_port 127.0.0.1:3128 auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "ou=people,dc=domain,dc==com" -f "uid=%s" -H ldaps://ldapserver.domain.com:636 -v 3 auth_param basic children 5 auth_param basic realm Please type your credentials! auth_param basic credentialsttl 1 minute acl ldapAuth proxy_auth REQUIRED acl manager proto cache_object acl webserver src 127.0.0.1/32 acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl HalNetworks src 172.20.0.0/16 192.168.20.0/24 192.168.30.0/24 192.168.240.0/24 192.168.250.0/24 acl Nonet src "/etc/squid/HalNonet.squid" acl HalDeny dstdom_regex "/etc/squid/HalDeny.squid" acl SSL_ports port 443 acl SSL_ports port 631 # Cups acl SSL_ports port 873 # Rsync acl SSL_ports port 1494 # citrix acl SSL_ports port 2598 # citrix acl SSL_ports port 4433 # DGS acl Safe_ports port 80 # http acl Safe_ports port 81 # http acl Safe_ports port 82 # escolas acl Safe_ports port 8081 # http acl Safe_ports port 8181 # Coaguladores acl Safe_ports port 873 # rsync acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https #acl Safe_ports port 70 # gopher #acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 1494 # citrix acl Safe_ports port 2598 # citrix acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl POST method POST http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny !HALNetworks http_access allow localhost http_access deny Nonet http_access allow ldapAuth http_access deny all icp_access allow HALNetworks icp_access deny all acl_uses_indirect_client on follow_x_forwarded_for allow localhost hierarchy_stoplist cgi-bin ? cache_mem 1876 MB maximum_object_size_in_memory 4096 KB memory_replacement_policy lru cache_replacement_policy heap GDSF cache_dir ufs /cache 96000 16 256 maximum_object_size 4096 KB access_log /var/log/squid/access.log squid log_fqdn off refresh_pattern ^ftp: 30 20% 10080 refresh_pattern . 30 20% 4320 refresh_all_ims on cache_mgr squid@xxxxxxxxxx mail_from squid@xxxxxxxxxx cache_effective_user squid cache_effective_group squid visible_hostname proxy.domain.com error_directory /usr/share/squid/errors/pt-pt coredump_dir /var/spool/squid ----------------------------------------------- I'm using squid-3.1.0.16-7 on CentOS 5.8 x86_64 Any hints on what it might be ? I have no clue. Thank you -- Use Open Source Software Human knowledge belongs to the world Bruno Santos Linux registered user #349448
