-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 21/11/2014 12:43 a.m., Andreas.Reschke wrote: >> Von: Amos Jeffries > On 20/11/2014 10:57 p.m., Andreas.Reschke wrote: >>>> Hi there, >>>> >>>> we're using 3 squid proxy (version 3.3.-13, no caching, no >>>> logging) at our LAN (4500 User) in front of a squid proxy at >>>> the DMZ. Now there are a lot of troubles with portals for the >>>> costumer (like www.covisint.com). After register at this >>>> portal and select the application there is a forward to >>>> another domain. At this point squid can't connect the other >>>> domain with the error: this side isn't reachable. >>>> >>>> How to fix this? > > What is the HTTP message being sent from the client to Squid when > it "breaks"? > > And what error details is Squid reporting about the problem in > cache.log? NP: cache.log is mandatory, only access.log/store.log > are optional. > > Amos > > Hi Amos, access.log is off because of we aren't allowed to log the > user. Cache.log contains only LDAP-User-Auth and -groups. The only > method is read the stream with netcat, but there aren't nice data > because of https. > If you are unable to get any meaningful information about what is going wrong then you will be unable to solve the problem. Perhapse you can (temporarily) log only the request made and what Squid tried to do with it? no details about the users necessary. logformat debug %Ss/%03>Hs %<st %rm %ru %Sh/%<a access_log stdio:/var/log/squid/debug_access.log debug I suspect the HTTPS sites are sending logged-in users to some strange port number or hostname which your squid.conf forbids access to. That will show up in the above log as a CONNECT with TCP_DENIED/403 and strange port number that will need to be added to the SSL_Ports ACL. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUbf4dAAoJELJo5wb/XPRjMHIH/2/JQCpwGMyPHhbFfmmmYSp9 3BO8kGh9ZOexfgiouVeYcNYviuVhg1+roz7uI9Uo3S2PXJFNv5WT+alpTqHPPIQx obaLK5GsxeXcEgjvtXK9sJhbTrepuO4XXK1THxtKMacT06QtubZyaK5gjLGiLTML 25+IaNrkttpha2jFuMfZRlnKXC/ENRQc+Yp/FzKI1BO98VFuir/mTMn9/8CSD95L FsnVFwUe/pGUmdlvLpcbUZevgcX13ma3BfytMdjYGF4kDqg4444hygQFzT569P6Q PA5nMJwY/vZIa0xKnleXkXCBQU05CclNdC9+hAmrxCd9dA1Y9KFKbhX3lVfnvjg= =Uuek -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
