
Re: ssl-bump, server-first

On 20/03/2013 14:45, Alex Rousskov wrote:
On 03/20/2013 11:27 AM, Delton wrote:
The first time when accessing (direct, no F5):

1363776566.837      0 192.168.0.52 TCP_DENIED/200 0 CONNECT www.facebook.com:443 - HIER_NONE/- -
1363776566.912      0 192.168.0.52 NONE/403 3575 GET https://www.facebook.com/ - HIER_NONE/- text/html

I see the error message from Squid.
The above looks correct to me: Squid knew that the connection should be
denied, responded with 200 OK to the CONNECT request, bumped the
connection, received the first bumped GET request, and sent the error
message.

Does browser show any signs that it is expecting more of the Squid error
message (e.g., spinning browser logo or some such)? Or does it look like
the browser is 100% happy? Is there an established TCP connection from
browser to Squid after the above Squid error message is displayed for a
few seconds?
I used TCPView to see the connections:
The first time, Squid shows the message 'Access denied' and a
connection between the client and the server remains established.
In the previous email you said that "the connection continues until the
server sends FIN, ACK". I wonder whether that connection was the
Squid-server connection and now you are describing the browser-Squid
connection? Is the summary below accurate?

   1. Browser connects and sends plain CONNECT to Squid.
   2. Squid connects to the origin server using TLSv1.
   3. Squid sends 200 OK to the browser.
   4. Browser sends a GET request to Squid.
   5. Squid sends an error page to the browser.
   6. Some time passes.
   7. You press F5.
   8. Somebody closes the browser-Squid connection.
   9. Browser says "Proxy refused the connection".
I rearranged the steps as I understand them to happen:

1. Client connects and sends plain CONNECT to Squid;
2. Squid sends 200 OK to the client;
3. Client sends 'Client Hello' to Squid using TLSv1;
4. Squid sends 'Server Hello' to the client using TLSv1;
5. Squid and client exchange data. I think that the connection is encrypted, so I cannot see what Squid sent to the client. I think right now the message 'Access denied' is displayed on the client.
6. Squid sends FIN, ACK to the client;
7. A maximum of 2 seconds passes.
8. I press F5.
9. Client connects and sends plain CONNECT to Squid;
10. Squid sends 200 OK to the client;
11. Client sends 'Client Hello' to Squid using SSL;
12. Squid sends RST, ACK to the client.
13. Client shows "Proxy refused the connection".


If I press F5 to refresh the browser, the established connection is
closed and the browser shows 'Proxy refused the connection'.
Questions:

   a) Which side initiated browser-Squid connection closure in #8?
I think Squid.
   b) When did the Squid-origin server connection close?
In fact, at no time did I see the Squid connection to an external server.
   c) Which side initiated the connection closure in (b)?


Thank you,

Alex.
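
Added example (not part of the original thread and not Squid project code): a Python script that pairs each denied-but-bumped CONNECT in a native-format access.log with the 403 error page served over the bumped connection, the pattern in the two log lines quoted above, and reports denied CONNECTs for which no error page was logged. The function names, the 5-second window and the third sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Squid native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)

def parse(line):
    """Parse one native-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"], e["status"] = float(e["ts"]), int(e["status"])
    return e

def pair_denied_connects(lines, window=5.0):
    """Return (paired, unpaired) lists of denied CONNECTs.

    paired: a 403 for the same client and host was logged after the CONNECT.
    unpaired: no such 403 within `window` seconds (assumed value, tune per site).
    """
    entries = [e for e in map(parse, lines) if e]
    paired, unpaired = [], []
    for i, c in enumerate(entries):
        if c["method"] != "CONNECT" or c["code"] != "TCP_DENIED":
            continue
        host = c["url"].rsplit(":", 1)[0].strip("[]")
        hit = next((g for g in entries[i + 1:]
                    if g["client"] == c["client"] and g["method"] != "CONNECT"
                    and g["status"] == 403
                    and urlsplit(g["url"]).hostname == host
                    and 0 <= g["ts"] - c["ts"] <= window), None)
        (paired if hit else unpaired).append(
            (c["client"], host, hit["url"] if hit else None))
    return paired, unpaired

SAMPLE = [
    # First two lines are the ones quoted in the thread (wrapped lines joined).
    "1363776566.837      0 192.168.0.52 TCP_DENIED/200 0 CONNECT www.facebook.com:443 - HIER_NONE/- -",
    "1363776566.912      0 192.168.0.52 NONE/403 3575 GET https://www.facebook.com/ - HIER_NONE/- text/html",
    # Constructed line: a denied CONNECT with no error page logged after it.
    "1363776569.100      0 192.168.0.52 TCP_DENIED/200 0 CONNECT www.facebook.com:443 - HIER_NONE/- -",
]

if __name__ == "__main__":
    print(pair_denied_connects(SAMPLE))
```

An unpaired entry only means the log holds no matching 403; a packet capture is still needed to see which side closed the connection.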




