On 4/02/2015 2:01 a.m., Rich549 wrote:
> Eliezer Croitoru-2 wrote
>> Hey Rich,
>>
>> I am yet unsure about the issue you are having and even if squid 3.3.8
>> is not the latest most of these sites should work fine for you through
>> squid.
>> I believe that this is the place where we can take a look at the squid
>> access.log output while surfing to understand the issue better.
>> If you are using IE\FF\Chrome you should have some profiling and network
>> tools which can help understand the issue from the client side before
>> running and looking for an issue in the middle.
>>
>> In IE and FF you can use the F12 button to open the tools toolbox and
>> then go into network tab or icon.
>> You should then be able through this tool see what happens with all the
>> requests from the client side.
>
> Hi,
>
> Thanks for the suggestion, I've attached a couple of files showing the
> results of that. I actually see a lot of DENIED errors for pretty much any
> websites using port 443 (SSL).
>
> twitter.png
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4669496/twitter.png>
> Twitter_accesslog.txt
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4669496/Twitter_accesslog.txt>
>

Looks like perfectly normal NTLM meets HTTPS traffic behaviour to me.

Browser connects to proxy, proxy replies with 407 listing available auth schemes.

1422968109.560 0 172.31.21.3 TCP_DENIED/407 3722 CONNECT abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.560 0 172.31.21.3 TCP_DENIED/407 3722 CONNECT abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.561 0 172.31.21.3 TCP_DENIED/407 3722 CONNECT abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.570 0 172.31.21.3 TCP_DENIED/407 4106 CONNECT abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.570 0 172.31.21.3 TCP_DENIED/407 4106 CONNECT abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.579 0 172.31.21.3 TCP_DENIED/407 4106 CONNECT abs.twimg.com:443 - HIER_NONE/- text/html

 ... taking less than 1ms in Squid.

Browser re-tries request with stage-1 NTLM auth credentials selecting, proxy responds with NTLM stage-2 challenge.

1422968109.661 0 172.31.21.3 TCP_DENIED/407 3722 CONNECT abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.667 0 172.31.21.3 TCP_DENIED/407 4106 CONNECT abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.679 0 172.31.21.3 TCP_DENIED/407 3722 CONNECT abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.694 0 172.31.21.3 TCP_DENIED/407 3722 CONNECT abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.701 0 172.31.21.3 TCP_DENIED/407 4106 CONNECT abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.706 0 172.31.21.3 TCP_DENIED/407 4106 CONNECT abs.twimg.com:443 - HIER_NONE/- text/html

 ... taking less than 1ms in Squid.

Browser re-tries request with NTLM stage-3 auth credentials.

Proxy accepts connection, opens TCP tunnel to upstream server, starts relaying bytes between client and server...

NP: there is no timing info on that logged.

40sec later the server closes the connection (having delivered 0 bytes!). Proxy logs completion of the HTTPS stream.

1422968149.730 40156 172.31.21.3 TCP_MISS/200 0 CONNECT abs.twimg.com:443 aspleyri HIER_DIRECT/199.96.57.7 -
1422968149.731 40157 172.31.21.3 TCP_MISS/200 0 CONNECT abs.twimg.com:443 aspleyri HIER_DIRECT/199.96.57.7 -
1422968149.731 40149 172.31.21.3 TCP_MISS/200 0 CONNECT abs.twimg.com:443 aspleyri HIER_DIRECT/199.96.57.7 -
1422968149.731 40056 172.31.21.3 TCP_MISS/200 0 CONNECT abs.twimg.com:443 aspleyri HIER_DIRECT/199.96.57.7 -
1422968149.731 40022 172.31.21.3 TCP_MISS/200 0 CONNECT abs.twimg.com:443 aspleyri HIER_DIRECT/199.96.57.7 -
1422968149.731 40026 172.31.21.3 TCP_MISS/200 0 CONNECT abs.twimg.com:443 aspleyri HIER_DIRECT/199.96.57.7 -

3.3 may have been introducing a bug, but 3.5 has the fix for that.

So there is nothing wrong here with Squid. The problem is somewhere in the browser and server interactions.

Amos
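
An added example, not part of the original thread: a Python sketch that reads Squid native-format access.log lines and separates the expected 407 NTLM challenge entries from CONNECT tunnels that authenticated but closed after a long wait with 0 bytes relayed, the pattern walked through in the reply above. The sample lines, addresses, username and the 30-second threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Squid native access.log layout: time elapsed client code/status bytes method URL user hier/peer type
LINE = re.compile(
    r"(?P<ts>\d+\.\d+)\s+(?P<ms>\d+)\s+(?P<client>\S+)\s+(?P<code>\w+)/(?P<status>\d{3})\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\S+)\s+(?P<mime>\S+)"
)

def parse(line):
    """Return one log entry as a dict, or None if the line is not in native format."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("ms", "status", "bytes"):
        rec[key] = int(rec[key])
    rec["ts"] = float(rec["ts"])
    return rec

def summarize(log_text, stall_ms=30000):
    """Per (client, CONNECT target): count 407 challenges, healthy tunnels,
    and tunnels held open >= stall_ms that relayed 0 bytes."""
    out = defaultdict(lambda: {"challenges": 0, "ok": 0, "stalled": []})
    for rec in filter(None, map(parse, log_text.splitlines())):
        if rec["method"] != "CONNECT":
            continue
        entry = out[(rec["client"], rec["url"])]
        if rec["status"] == 407:
            entry["challenges"] += 1          # normal auth handshake, not a failure
        elif rec["status"] == 200:
            if rec["bytes"] == 0 and rec["ms"] >= stall_ms:
                entry["stalled"].append((rec["user"], rec["ms"]))
            else:
                entry["ok"] += 1
    return dict(out)

# Constructed sample lines (documentation addresses, hypothetical user "alice")
SAMPLE = """\
1700000000.100      0 192.0.2.10 TCP_DENIED/407 3722 CONNECT a.example.com:443 - HIER_NONE/- text/html
1700000000.110      0 192.0.2.10 TCP_DENIED/407 4106 CONNECT a.example.com:443 - HIER_NONE/- text/html
1700000040.300  40156 192.0.2.10 TCP_MISS/200 0 CONNECT a.example.com:443 alice HIER_DIRECT/198.51.100.7 -
1700000000.200      0 192.0.2.10 TCP_DENIED/407 3722 CONNECT b.example.com:443 - HIER_NONE/- text/html
1700000000.210      0 192.0.2.10 TCP_DENIED/407 4106 CONNECT b.example.com:443 - HIER_NONE/- text/html
1700000003.500   3210 192.0.2.10 TCP_MISS/200 48211 CONNECT b.example.com:443 alice HIER_DIRECT/198.51.100.8 -
"""

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info)
```

A target that shows only challenges plus stalled tunnels points away from proxy authentication and toward the client/server exchange inside the tunnel.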