Hi I have a proxy server with Squid 2.7 installed, and I a problem with a specific page. www.correo-gto.com.mx A client can not access via proxy (squid 2.7) to this page. Accessing to diferents pages I do not have this problem, the navigation via proxy works fine. I have adj the config file for the squid. I have the following logs: (1) log in /var/log/squid/access.log: --------------------------------- 1354318142.058 381547 10.0.12.51 TCP_MISS/502 1634 GET http://www.correo-gto.com.mx/ - DIRECT/184.154.122.58 text/html 1354318175.552 378090 10.0.12.51 TCP_MISS/502 1634 GET http://www.correo-gto.com.mx/ - DIRECT/184.154.122.58 text/html 1354318206.135 378088 10.0.12.51 TCP_MISS/502 1634 GET http://www.correo-gto.com.mx/ - DIRECT/184.154.122.58 text/html (2) error in firefox accessing to www.correo-gto.com.mx ----------------- ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: http://www.correo-gto.com.mx/ Read Error The system returned: (104) Connection reset by peer An error condition occurred while reading data from the network. Please retry your request. Your cache administrator is webmaster. Generated Fri, 31 Aug 2012 21:36:31 GMT by webproxy (squid/2.7.STABLE7) (3.a) Testin nslookup from the proxy server: -------------------------------- # nslookup correo-gto.com.mx Server: 10.0.0.2 Address: 10.0.0.2#53 Non-authoritative answer: Name: correo-gto.com.mx Address: 184.154.122.58 (4.a) Making a tracepath to correo-gto.com.mx from proxy server --------------------------------- # tracepath correo-gto.com.mx 1: web.congresogto.gob.mx (10.0.0.8) 0.200ms pmtu 1500 1: 10.0.0.253 (10.0.0.253) 0.230ms 1: 10.0.0.253 (10.0.0.253) 0.183ms 2: no reply 3: no reply 4: no reply ... 30: no reply 31: no reply I have posted the problem in, but I have not had a contribution. http://www.linuxquestions.org/questions/showthread.php?p=4771659#post4771659 I will appreciate a lot, if you can help me on this, I been looking throw a solution, but I have not succeed. On the other hand, I have configure a new proxy test with squid 3.1, and works fine, I can reach to the page correo-gto.com.mx with out any problem. Thanks and have a great day. squid.conf file, here are the changes that I have made: diff -purN squid.conf.orig squid.conf --- squid.conf.orig 2012-03-22 09:30:54.732721143 -0600 +++ squid.conf 2012-12-05 13:02:57.745042191 -0600 @@ -608,7 +608,7 @@ acl to_localhost dst 127.0.0.0/8 0.0.0.0 # should be allowed acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network -acl localnet src 192.168.0.0/16 # RFC1918 possible internal network +acl localnet src 192.168.1.0/24 # RFC1918 possible internal network # acl SSL_ports port 443 # https acl SSL_ports port 563 # snews @@ -626,9 +626,16 @@ acl Safe_ports port 777 # multiling htt acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT +acl Safe_ports port 3201 # SAP +acl Safe_ports port 82 # isseg + acl purge method PURGE acl CONNECT method CONNECT +# Lista de pAginas denegadas +acl pages_deny url_regex "/etc/squid/pagesDeny.acl" +acl pages_acces url_regex "/etc/squid/pagesAcces.acl" + # TAG: http_access # Allowing or Denying access based on defined access lists # @@ -662,6 +669,11 @@ http_access deny purge http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports + +# Deny pages request +#http_access deny pages_deny +#http_access allow pages_acces + # # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only @@ -673,7 +685,7 @@ http_access deny CONNECT !SSL_ports # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed -#http_access allow localnet +http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy @@ -715,8 +727,8 @@ http_access deny all # icp_access deny all # #Allow ICP queries from local networks only -icp_access allow localnet -icp_access deny all +##icp_access allow localnet +##icp_access deny all # TAG: htcp_access # Allowing or Denying access to the HTCP port based on defined @@ -1111,7 +1123,7 @@ icp_access deny all # visible on the internal address. # # Squid normally listens to port 3128 -http_port 3128 +http_port 3128 transparent # TAG: https_port # Note: This option is only available if Squid is rebuilt with the @@ -1748,7 +1760,7 @@ hierarchy_stoplist cgi-bin ? # objects. # #Default: -# cache_mem 8 MB +cache_mem 1024 MB # TAG: maximum_object_size_in_memory (bytes) # Objects greater than this size will not be attempted to kept in @@ -1757,7 +1769,7 @@ hierarchy_stoplist cgi-bin ? # enough to keep larger objects from hoarding cache_mem. # #Default: -# maximum_object_size_in_memory 8 KB +maximum_object_size_in_memory 512 KB # TAG: memory_replacement_policy # The memory replacement policy parameter determines which @@ -1955,7 +1967,7 @@ hierarchy_stoplist cgi-bin ? # (hard coded at 1 MB). # #Default: -# cache_dir ufs /var/spool/squid 100 16 256 +cache_dir ufs /var/spool/squid 6144 14 256 # TAG: store_dir_select_algorithm # Set this to 'round-robin' as an alternative. @@ -1998,7 +2010,7 @@ hierarchy_stoplist cgi-bin ? # proper proxy for APT. # #Default: -# maximum_object_size 20480 KB +maximum_object_size 10240 MB # TAG: cache_swap_low (percent, 0-100) # TAG: cache_swap_high (percent, 0-100) @@ -2015,8 +2027,8 @@ hierarchy_stoplist cgi-bin ? # numbers closer together. # #Default: -# cache_swap_low 90 -# cache_swap_high 95 +cache_swap_low 90 +cache_swap_high 95 # TAG: update_headers on|off # By default Squid updates stored HTTP headers when receiving @@ -2816,6 +2828,7 @@ refresh_pattern . 0 20% 4320 # #Default: # negative_ttl 5 minutes +negative_ttl 0 seconds # TAG: positive_dns_ttl time-units # Upper limit on how long Squid will cache positive DNS responses. @@ -2892,6 +2905,7 @@ refresh_pattern . 0 20% 4320 # #Default: # request_header_max_size 20 KB +request_header_max_size 64 KB # TAG: reply_header_max_size (KB) # This specifies the maximum size for HTTP headers in a reply. @@ -2902,6 +2916,7 @@ refresh_pattern . 0 20% 4320 # #Default: # reply_header_max_size 20 KB +reply_header_max_size 64 KB # TAG: request_body_max_size (KB) # This specifies the maximum size for an HTTP request body. @@ -3307,6 +3322,7 @@ extension_methods REPORT MERGE MKACTIVIT # #Default: # half_closed_clients on +half_closed_clients off # TAG: pconn_timeout # Timeout for idle persistent connections to servers and other @@ -3344,8 +3360,7 @@ extension_methods REPORT MERGE MKACTIVIT # mail if the cache dies. The default is "webmaster". # #Default: -# cache_mgr webmaster - +cache_mgr dti@xxxxxxxxxxxxxxxxxx # TAG: mail_from # From: email-address for mail sent when the cache dies. # The default is to use 'appname@unique_hostname'. @@ -3498,7 +3513,7 @@ extension_methods REPORT MERGE MKACTIVIT # #Default: # httpd_accel_no_pmtu_disc off - +httpd_accel_no_pmtu_disc on # DELAY POOL PARAMETERS # ----------------------------------------------------------------------------- @@ -3815,6 +3830,7 @@ extension_methods REPORT MERGE MKACTIVIT # #Default: # persistent_connection_after_error off +persistent_connection_after_error on # TAG: detect_broken_pconn # Some servers have been found to incorrectly signal the use @@ -3940,6 +3956,7 @@ extension_methods REPORT MERGE MKACTIVIT # #Default: # icp_port 3130 +icp_port 0 # TAG: htcp_port # The port number where Squid sends and receives HTCP queries to @@ -4236,6 +4253,7 @@ extension_methods REPORT MERGE MKACTIVIT # #Default: # error_directory /usr/share/squid/errors/en +error_directory /usr/share/squid/errors/es-mx # TAG: error_map # Map errors to custom messages @@ -4511,6 +4529,7 @@ extension_methods REPORT MERGE MKACTIVIT # #Default: # check_hostnames on +check_hostnames off # TAG: allow_underscore # Underscore characters is not strictly allowed in Internet hostnames @@ -4888,6 +4907,7 @@ coredump_dir /var/spool/squid # #Default: # balance_on_multiple_ip on +balance_on_multiple_ip off # TAG: pipeline_prefetch # To boost the performance of pipelined requests to closer -- Diego
