On 26/03/2014 12:58 a.m., Antonio Gutiérrez Mayoral wrote: > Hi there, I have a problem with my squid setup. I am running > Squid 3.2 in a SLES 11 box. Ok, everthing is working fine, with my > particular setup but I have discovered (by my users) that there is > at least two sites that are not working. > > The strange thing is this sites are not forbidden, but, I am seeing > 403 codes and after that, the home site for this sles server :? (for apache) > not my 403 customized page in case this site was forbiden (like facebook, > youtube, etc). > > This sites are spanish sites: www.aemet.es and www.agenciatributaria.es > Its very strange. The access.log shows this: > > 1395744973.690 2 10.10.5.17 TCP_MISS/403 5821 GET http://www.aemet.es/ > MyUser DIRECT/:: text/html Apparently the IP address of their server is ANY_ADDR. > > 1395744973.707 6 10.10.5.17 TCP_REFRESH_UNMODIFIED/304 330 GET > http://www.aemet.es/welcome/inc/micro.js MyUser DIRECT/:: - > > 1395744973.708 5 10.10.5.17 TCP_REFRESH_UNMODIFIED/304 329 GET > http://www.aemet.es/welcome/inc/share.js MyUser DIRECT/:: - > Weird thing is those apparently working. Perhapse you have a log display bug. > The strange thing is I have runned tcpdump in the proxy server, and > the DNS queries for > aemet.es were ok, after that there isnt any kind of connection from > the proxy server > to the aemet site. I dont understand why. dig AAAA www.aemet.es ;; ANSWER SECTION: www.aemet.es. 86370 IN CNAME B23117.cdn.telefonica.com. B23117.cdn.telefonica.com. 21571 IN CNAME b23117.2.cdn.telefonica.com. b23117.2.cdn.telefonica.com. 16 IN AAAA :: ... yes, that is the actual DNS record the telefonica CDN servers told your Squid to contact. If you know how to contact them an email to their NOC would not go amiss. I assume your tests were all checking the IPv4 connectivity to the website - which has no issues of course. PS. general advice for IPv6, caching and connectivity issues is upgrade to 3.4. These things have been constantly improved across the releases. Amos