Search squid archive

Re: ISSUE accssing content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

1. Its not  a transparent proxy. 

2. My clients get wpad configuration from AD server. So there are two question. 
 2.1 :I know that wpad is used to identify proxy server and port(and rest other bypass rules).  When clients resolve to wpad.abc.com, is there way that I can overwrite the wpad file off client. Like creating a webserver to to serve wpad file and I change /etc/hosts file to "<myhwebserveripaddress> wpad.abc.com"
2.2 Is there any other way to tell clients via squid server, to do not come to squid server and re initiate the request. 

On 24 July 2015 at 21:10, Jagannath Naidu <jagannath.naidu@xxxxxxxxxxxxxxxxxx> wrote:


On 24 July 2015 at 21:05, Jagannath Naidu <jagannath.naidu@xxxxxxxxxxxxxxxxxx> wrote:
Dear List,

I have been working on this for last two weeks, but never got it resolved. 

We have a application server (SERVER) in our local network and a desktop  application (CLIENT). The application picks proxy settings from IE. And we also have a wensense proxy server 

case 1: when there is no proxy set 
application works. No logs in squid server access.log

case 2: when proxy ip address set and checked "bypass local network"
application works. No logs in squid server access.log 

case 3: when proxy ip address is set to wensense proxy server. UNCHECKED "bypass local network"
application works. We dont have access to websense server and hence we can not check logs 


case 4: when proxy ip address is set to proxy server ip address. UNCHECKED "bypass local network"
application does not work :-(. Below are the logs. 


1437751240.149      7 192.168.122.1 TCP_MISS/404 579 GET http://dlwvdialce.htmedia.net/UADInstall/UADPresentationLayer.application - HIER_DIRECT/10.1.4.46 text/html
1437751240.992     94 192.168.122.1 TCP_DENIED/407 3757 CONNECT 0.client-channel.google.com:443 - HIER_NONE/- text/html
1437751240.996      0 192.168.122.1 TCP_DENIED/407 4059 CONNECT 0.client-channel.google.com:443 - HIER_NONE/- text/html
1437751242.327      5 192.168.122.1 TCP_MISS/404 579 GET http://dlwvdialce.htmedia.net/UADInstall/uadprop.htm - HIER_DIRECT/10.1.4.46 text/html
1437751244.777      1 192.168.122.1 TCP_MISS/503 4048 POST http://cs-711-core.htmedia.net:8180/ConcertoAgentPortal/services/ConcertoAgentPortal - HIER_NONE/- text/html

UPDATE: correct logs 

1437752279.774      6 192.168.122.1 TCP_MISS/404 579 GET http://dlwvdialce.htmedia.net/UADInstall/UADPresentationLayer.application - HIER_DIRECT/10.1.4.46 text/html
1437752281.854      5 192.168.122.1 TCP_MISS/404 579 GET http://dlwvdialce.htmedia.net/UADInstall/uadprop.htm - HIER_DIRECT/10.1.4.46 text/html
1437752284.265      2 192.168.122.1 TCP_MISS/503 4048 POST http://cs-711-core.htmedia.net:8180/ConcertoAgentPortal/services/ConcertoAgentPortal - HIER_NONE/- text/html

 
squid -v
Squid Cache: Version 3.3.8
configure options:  '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-strict-error-checking' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-eui' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos' '--enable-external-acl-helpers=file_userip,LDAP_group,time_quota,session,unix_group,wbinfo_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl' '--enable-ssl-crtd' '--enable-storeio=aufs,diskd,ufs' '--enable-wccpv2' '--enable-esi' '--enable-ecap' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -fpie' 'LDFLAGS=-Wl,-z,relro  -pie -Wl,-z,relro -Wl,-z,now' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -fpie' 'PKG_CONFIG_PATH=%{_PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig'


squid.conf 

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 8180
acl CONNECT method CONNECT
acl wvdial dst 10.1.4.45 10.1.4.50 10.1.4.53 10.1.4.48 10.1.4.54 10.1.4.46 10.1.4.51 10.1.4.47 10.1.4.55 10.1.4.49 10.1.4.52 10.1.2.4
http_access allow wvdial
acl dialer dstdomain .htmedia.net
http_access allow dialer
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
visible_hostname = NOIDAPROXY01.MYDOMAIN.NET
append_domain  .mydomain.net
ignore_expect_100 on
dns_v4_first on
auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=HTMEDIA.NET
auth_param ntlm children 1000
auth_param ntlm keep_alive off
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 100
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl auth proxy_auth REQUIRED
http_access allow all auth
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 0.0.0.0:8080
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320


It was the same behavior with squid-3.1.10-19. I thought, upgrading to squid 3.3 would help. Please help me resolving this mystery. 


--
Thanks & Regards

Jagannath Naidu 




--
Thanks & Regards

B Jagannath
Keen & Able Computers Pvt. Ltd.
+919871324006



--
Thanks & Regards

B Jagannath
Keen & Able Computers Pvt. Ltd.
+919871324006
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux