I was able to capture the log at the time this happened to me, I got the following in the access.log: 1412895309.389 84 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 - 1412895311.770 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html 1412895311.852 77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 - 1412895311.855 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html 1412895311.937 77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 - 1412895311.941 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html 1412895312.053 107 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 - 1412895312.056 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html 1412895312.124 65 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 - 1412895312.680 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html 1412895312.765 79 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 - 1412895312.768 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html 1412895312.846 74 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 - 1412895312.851 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html 1412895312.927 73 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 - 1412895312.931 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html Not sure why it would be saying TCP_MISS, I assume the TCP_DENIED is expected as it happens after the TCP_MISS and has no authentication information. -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of glenn.groves@xxxxxxxxxxxxxxx Sent: Thursday, 9 October 2014 9:04 AM To: eliezer@xxxxxxxxxxxx; squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: https issues for google Hi Eliezer, The DNS we are using is the ISP default for external, our internal domain DNS for internal. Nslookup works for all tests. I would like to update to the latest stable, but I am concerned of breaking the current setup. It took a little work to get it working correctly particularity on the multiple authentication methods working with our domain and trust. I support what has been said - to check the logs. This will likely take time as I cannot reproduce this issue on demand - and I think users are starting to not report the issue and just living with it (or it is not getting all the way to me at least). I will have to get lucky at some point on my computer and look into it then. Could squid be getting mixed up when mulipule https requests are to the same address (e.g. https://google.com.au)? Thanks, Glenn -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Eliezer Croitoru Sent: Wednesday, 8 October 2014 7:39 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: https issues for google -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey Glenn, Since you are not using intercept or tproxy the basic place to look at is the access.log. You can see there if the proxy is trying for example to reach an IPV6 address (by mistake). Also to make sure there is an issue you can use specific exception like the cacheadmin acl you are using to allow the cacheadmin access without authentication for the basic test. Also you are indeed using the latest CentOS 6.5 squid but since the current stable version is 3.4.8 you should try to upgrade(to something else then 3.1) due to other issues. The issue can be a network or dns related issue which was not detected until now. Please first make sure that the access.log and cache.log files are clean for errors or issues. What dns servers are you using? Eliezer On 10/07/2014 06:51 AM, glenn.groves@xxxxxxxxxxxxxxx wrote: > Hi All, > > We have a weird issue where https sites apparently don't respond (get > message "this page can't be displayed"). This mainly affects google > websites and to a lesser affect youtube. It has been reported it may > have affected some banking sites but this is unconfirmed. We are > running centos 6.5 with up to date squid from the centos repositories. > > Here is the version of squid: yum list installed | grep squid > squid.x86_64 7:3.1.10-20.el6_5.3 > > The https sites work fine if I put a direct hole in the firewall to > allow internet traffic directly out - but this is not a solution. > > Thanks, Glenn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUNF1uAAoJENxnfXtQ8ZQUlfYH/i0o9MQDTt8g5aINRljVSMZc btC8mcYn/JYn4WUPIoOc4/MhvuYg0JO6hXsSoPxjI1khMrq9fTV2c8eaLItWqYCf hjioWPJs2hPwfw6WDi0I6kF0Is+hD/MGsJci7s+jg593lHnm+ZjoDIHj0aCpcdgy u95961yZWXINbYsjTirFftnX5UC5MWbwZjaah6zW84RKZl/pa1vJM/tdgqiLdE5V GDNhS01mbKPfin8oc/RQk4nYAK39vncSebvSHJwkvPJIKlb54Yti64j6qUfPsav3 uUvIVKSpxZjFFJoLtw1zjn1MwyynoHNGT1lP+HptsGkDoeGJ6YWU/IwB1sFKcVk= =GKmE -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users This message (including any attachments) is confidential and may be legally privileged. If you are not the intended recipient, you should not disclose, copy or use any part of it - please delete all copies immediately and notify the Bradnam Group Helpdesk at helpdesk@xxxxxxxxxxxxxxx Any information, statements or opinions contained in this message (including any attachments) are given by the author. They are not given on behalf of the Bradnam Group unless subsequently confirmed by an individual other than the author who is duly authorised to represent the Bradnam Group (or any of its subsidiary and associate companies). All sent and received email from/to the Bradnam Group (or any of its subsidiary and associate companies) is automatically scanned for the presence of computer viruses, security issues and inappropriate content. For further information on the services which the Bradnam Group provides visit our web site(s) at www.bradnams.com.au or www.nationalglass.com.au _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users