On 10/10/2014 12:02 p.m., glenn.groves@xxxxxxxxxxxxxxx wrote:
> I was able to capture the log at the time this happened to me, I
> got the following in the access.log:
>
> 1412895309.389 84 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895311.770 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895311.852 77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895311.855 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895311.937 77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895311.941 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.053 107 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.056 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.124 65 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.680 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.765 79 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.768 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.846 74 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.851 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
> 1412895312.927 73 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
> 1412895312.931 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
>
> Not sure why it would be saying TCP_MISS, I assume the TCP_DENIED
> is expected as it happens after the TCP_MISS and has no
> authentication information.
>

This looks like perfectly normal authentication working exactly as it
was designed to work.

Privacy and security require that clients/browsers only send users'
credentials if they have to. So the client/browser is doing this:

* open TCP connection
* HTTP request (no authentication, hiding user credentials) -> 407 challenge
* retry HTTP request with authentication

The whole auth handshake sequence is happening in 50-100ms.

Being CONNECT tunnels, the TCP connection is always closed after the
tunnel is done, causing a new auth handshake for each CONNECT.

The MISS just means no cached object was used in the reply (CONNECT not
being cacheable). That is also normal; we only recently added the
TCP_TUNNEL label to separate tunnelled vs ssl-bumped CONNECT.

The "0" in the bytes column is the result of a logging bug on CONNECT
byte counting.

Amos
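The challenge-then-retry sequence described in the reply can be checked mechanically. The following is an added example, not code from the original post or from the Squid project: it pairs each 407 with the authenticated retry that starts right after it, and reports challenges that are never answered. It assumes the first column is written when the transaction ends (so start = timestamp - elapsed), which is why the 200 line for a tunnel appears to sit out of order; the function names and the 1-second pairing window are hypothetical choices.

```python
from collections import namedtuple

# Lines 1-4 are copied from the log quoted above; line 5 is constructed to
# show a 407 challenge that the client never answers.
SAMPLE = """\
1412895311.770 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
1412895311.852 77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
1412895311.855 0 10.10.10.69 TCP_DENIED/407 3983 CONNECT www.youtube.com:443 - NONE/- text/html
1412895311.937 77 10.10.10.69 TCP_MISS/200 0 CONNECT www.youtube.com:443 <MYADUSER> DIRECT/74.125.237.160 -
1412895320.000 0 10.10.10.70 TCP_DENIED/407 3983 CONNECT example.invalid:443 - NONE/- text/html
"""

Entry = namedtuple("Entry", "end start client status method url user")

def parse(line):
    """Parse one native-format access.log line (fields as in the quoted log)."""
    f = line.split()
    end = float(f[0])                  # assumed: written when the transaction ends
    start = end - int(f[1]) / 1000.0   # elapsed column is in milliseconds
    status = int(f[3].split("/")[1])   # "TCP_DENIED/407" -> 407
    return Entry(end, start, f[2], status, f[5], f[6], f[7])

def classify(lines, window=1.0):
    """Pair each 407 with the authenticated retry that starts right after it."""
    entries = [parse(l) for l in lines if l.strip()]
    used, answered, unanswered = set(), [], []
    for c in entries:
        if c.status != 407:
            continue
        retry = None
        for i, e in enumerate(entries):
            same = (e.client, e.method, e.url) == (c.client, c.method, c.url)
            if i not in used and same and e.user != "-" and 0 <= e.start - c.end <= window:
                used.add(i)            # one retry answers exactly one challenge
                retry = e
                break
        if retry:
            answered.append((c, retry))
        else:
            unanswered.append(c)
    return answered, unanswered

if __name__ == "__main__":
    ok, pending = classify(SAMPLE.splitlines())
    for c, r in ok:
        print(f"{c.client} {c.url}: 407 answered by {r.user} after {(r.start - c.end) * 1000:.0f} ms")
    for c in pending:
        print(f"{c.client} {c.url}: 407 with no authenticated retry")
```

A steady stream of unanswered 407s from one client is the pattern worth investigating; answered ones are the normal handshake.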