Hi Antony.
Cristiano Nunes
The URL is www..yasudamaritima.com.br, but according to the user, you have to navigate and authenticate to the portion of the site which is supposed to show the window, but the window is blank.
The squid.log captured during the user session is below:
1444152953.106 0 192.168.0.38 TCP_MISS/000 0 GET http://www.yasuda.com.br/favicon.ico - DIRECT/www.yasuda.com.br -
1444152953.428 0 192.168.0.38 TCP_IMS_HIT/304 295 GET http://seguros.yasudamaritima.com.br/hubfs/IMG_Posts/Extra-corretor.jpg - NONE/- image/jpeg
1444152953.428 0 192.168.0.38 TCP_IMS_HIT/304 295 GET http://seguros.yasudamaritima.com.br/hubfs/IMG_Posts/04-Corretor-ps_venda.jpg - NONE/- image/jpeg
1444152953.429 0 192.168.0.38 TCP_IMS_HIT/304 295 GET http://seguros.yasudamaritima.com.br/hubfs/IMG_Posts/post_corretor8.jpg - NONE/- image/jpeg
1444152953.431 0 192.168.0.38 TCP_IMS_HIT/304 295 GET http://seguros.yasudamaritima.com.br/hubfs/IMG_Posts/31-Segurado-RC_BAB.jpg - NONE/- image/jpeg
1444152953.782 180 192.168.0.38 TCP_MISS/302 1012 GET http://www.google-analytics.com/r/collect? - DIRECT/173.194.118.6 text/html
1444152954.023 0 192.168.0.38 TCP_IMS_HIT/304 301 GET http://s7.addthis.com/layers.d3089ff8d4aa15672ac8.js - NONE/- text/_javascript_
1444152954.034 0 192.168.0.38 TCP_IMS_HIT/304 301 GET http://s7.addthis.com/hi-res-css.cfeefd4edd0cdaff82be.js - NONE/- text/_javascript_
1444152954.082 0 192.168.0.38 TCP_IMS_HIT/304 311 GET http://s7.addthis.com/sh.3aa0e79cb54fea3f63d7daa9.html - NONE/- text/html
1444152954.096 0 192.168.0.38 TCP_IMS_HIT/304 301 GET http://s7.addthis.com/menu.ee745c37cc4914e21ca8.js - NONE/- text/_javascript_
1444152954.289 426 192.168.0.38 TCP_MISS/200 21476 GET http://js.hs-analytics.net/analytics/1444153200000/503280.js - DIRECT/184.28.143.227 text/_javascript_
1444152954.771 322 192.168.0.38 TCP_MISS/200 961 GET http://m.addthis.com/live/red_lojson/300lo.json? - DIRECT/104.16.23.235 application/_javascript_
1444152955.317 324 192.168.0.38 TCP_MISS/200 412 GET http://track.hubspot.com/__ptq.gif? - DIRECT/54.164.53.68 image/gif
1444152959.736 10073 192.168.0.38 TCP_MISS/200 228 CONNECT www.gstatic.com:443 - DIRECT/173.194.118.23 -
1444152969.735 14738 192.168.0.38 TCP_MISS/200 4526 CONNECT fbstatic-a.akamaihd.net:443 - DIRECT/201.6.6.163 -
1444152969.735 15418 192.168.0.38 TCP_MISS/200 3789 CONNECT s-static.ak.facebook.com:443 - DIRECT/172.229.62.110 -
1444152969.736 15432 192.168.0.38 TCP_MISS/200 3789 CONNECT s-static.ak.facebook.com:443 - DIRECT/172.229.62.110 -
1444152969.736 14716 192.168.0.38 TCP_MISS/200 262 CONNECT www.facebook.com:443 - DIRECT/31.13.85.8 -
1444152969.998 146 192.168.0.38 TCP_MISS/200 3010 POST http://syasweb.yasuda.com.br:9080/SyasWeb/Auto/LoadUsuario.aspx - DIRECT/201.85.62.34 text/html
1444152970.071 17 192.168.0.38 TCP_MISS/200 366 GET http://syasweb.yasuda.com.br:9080/SyasWeb/Auto/dynaTraceMonitor? - DIRECT/201.85.62.34 text/plain
1444152970.116 53 192.168.0.38 TCP_MISS/302 943 GET http://syasweb.yasuda.com.br:9080/SyasWeb/Auto/WebForms/default.aspx? - DIRECT/201.85.62.34 text/html
1444152977.019 10383 192.168.0.38 TCP_MISS/200 103653 CONNECT portalweb.yasudamaritima.com.br:443 - DIRECT/201.85.63.40 -
1444152977.030 10382 192.168.0.38 TCP_MISS/200 2265 CONNECT portalweb.yasudamaritima.com.br:443 - DIRECT/201.85.63.40 -
1444152977.049 10412 192.168.0.38 TCP_MISS/200 798 CONNECT portalweb.yasudamaritima.com.br:443 - DIRECT/201.85.63.40 -
1444152979.735 13068 192.168.0.38 TCP_MISS/200 137 CONNECT portalweb.yasudamaritima.com.br:443 - DIRECT/201.85.63.40 -
1444152979.759 16391 192.168.0.38 TCP_MISS/200 151066 CONNECT portalweb.yasudamaritima.com.br:443 - DIRECT/201.85.63.40 -
1444153020.403 65399 192.168.0.38 TCP_MISS/200 17889 CONNECT www.facebook.com:443 - DIRECT/31.13.85.8 -
1444153078.755 115395 192.168.0.38 TCP_MISS/200 3678 CONNECT www.linkedin.com:443 - DIRECT/108.174.12.129 -
1444153079.087 142525 192.168.0.38 TCP_MISS/200 64000 CONNECT www.google.com.br:443 - DIRECT/173.194.118.23 -
1444153079.087 129438 192.168.0.38 TCP_MISS/200 7529 CONNECT www.gstatic.com:443 - DIRECT/173.194.118.23 -
1444153079.087 125913 192.168.0.38 TCP_MISS/200 807 CONNECT apis.google.com:443 - DIRECT/173.194.118.2 -
1444153079.087 125915 192.168.0.38 TCP_MISS/200 618 CONNECT s7.addthis.com:443 - DIRECT/104.16.27.35 -
1444153079.087 125453 192.168.0.38 TCP_MISS/200 50115 CONNECT platform.linkedin.com:443 - DIRECT/184.86.193.85 -
1444153079.087 125421 192.168.0.38 TCP_MISS/200 445 CONNECT connect.facebook.net:443 - DIRECT/172.230.53.221 -
1444153079.087 124998 192.168.0.38 TCP_MISS/200 624 CONNECT stats.g.doubleclick.net:443 - DIRECT/64.233.190.154 -
1444153079.088 108930 192.168.0.38 TCP_MISS/200 35399 GET http://syasweb.yasuda.com.br:9080/SyasWeb/Auto/WebForms/ConsultaCalculo.aspx - DIRECT/201.85.62.34 text/html
1444153079.088 124444 192.168.0.38 TCP_MISS/200 1010 CONNECT syndication.twitter.com:443 - DIRECT/199.16.158.49 -
And here is my squid.conf.
[root@fw squid]# grep -v "^$" /etc/squid/squid.conf
http_port 192.168.0.254:3128
visible_hostname fw.akium.com.br
cache_mem 64 MB
cache_dir ufs /cache 5000 24 24
cache_swap_low 90
cache_swap_high 95
maximum_object_size 1 MB
maximum_object_size_in_memory 64 KB
minimum_object_size 1 KB
acl QUERY urlpath_regex cgi-bin \?
acl GOVDOMAIN dstdomain .gov.br
cache deny GOVDOMAIN
cache deny QUERY
#logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
error_directory /etc/squid/errors
#acl all src 0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl rede_local src 192.168.0.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl servidor src 192.168.0.254
acl downloads_mime rep_mime_type -i "/etc/squid/regras/mime_download"
acl block_words_ulrs url_regex -i "/etc/squid/regras/blocked_word_url"
acl block_msn_client req_mime_type ^application/x-msn-messenger
acl unblock_sites url_regex -i "/etc/squid/regras/unblocked_sites"
acl unblock_download_sites url_regex -i "/etc/squid/regras/unblocked_download_sites"
acl unblock_selected_sites url_regex -i "/etc/squid/regras/unblocked_selected_sites"
acl google_talk url_regex -i "/etc/squid/regras/block_google_talk"
acl imessengers url_regex -i "/etc/squid/regras/block_imessengers"
acl liberados_selected src "/etc/squid/regras/maquinas_selected"
acl liberados src "/etc/squid/regras/maquinas_liberadas"
acl interno dstdomain akium.com.br
acl SSL_ports port 443 563 9043 448
acl Safe_ports port 80 # http
acl Safe_ports port 81 86 # Apache - Dansguardian error page
acl Safe_ports port 99
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 1015 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1011 # Sincor
acl Safe_ports port 9043 # AdmSeg
acl Safe_ports port 448 # AdmSeg
acl CONNECT method CONNECT
http_access deny google_talk
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#always_direct allow interno
http_access allow localhost
http_access allow servidor
http_access allow unblock_sites
http_access allow unblock_selected_sites liberados_selected
http_access allow liberados
http_access deny imessengers
deny_info http://192.168.0.254/im.html imessengers
http_access deny block_words_ulrs
deny_info http://192.168.0.254/words.html block_words_ulrs
http_access allow rede_local
http_access deny all
http_reply_access allow liberados
http_reply_access allow unblock_download_sites
http_reply_access deny downloads_mime
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid
[root@fw squid]#
Appreciate your help!
Att.
Cristiano Nunes
2015-10-06 13:30 GMT-03:00 Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx>:
On Tuesday 06 October 2015 at 17:40:11, Cristiano Nunes wrote:
> I have a Squid Version 3.9.Stable13 which is working perfect.
>
> Today I received a complanint of a users which is not able to browse a
> brazilian site.
>
> Squid log shows no DENY at all but the site only shows a white screen with
> no errors.
>
> I thought this was a site bug. So I set up a NAT to the user and for my
> surprise the site worked flawless.
>
> The site seems to user ports http(80) / https(443) and http(9080) all
> theses are not blocked by Squid.
>
> What could be the cause to this site not work through Squid.
That's a bit hard for us to tell without knowing:
- the site the user was trying to access (so we can see what sort of HTML it
returns, or try it on our own Squid setups, for example)
- your Squid configuration (so we can see why the access ought to have worked)
- what showed up in the Squid log file when the user tried to access the site
(so we can see what Squid was asked to do, what it did, and what the result
was).
I suggest you:
- tell us the URL
- post your squid.conf without blank lines or comments (obscuring any
sensitive data, if present)
- post the Squid access log for the session (removing detail from any other
sessions so long as you're sure they are unrelated).
That may give us some useful information to work on.
Regards,
Antony.
--
You can tell that the day just isn't going right when you find yourself using
the telephone before the toilet.
Please reply to the list;
please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
