Hi this is not an SSL site.
Here is the config (I have stripped out the ACL's)
# WELCOME TO SQUID 2
# ------------------
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
# TAG: cache_peer
cache_peer proxy1.ap.webscanningservice.com parent 3128 0000 default no-query no-digest
# cache_peer proxy1.eu.webscanningservice.com parent 3128 0000 default no-query no-digest
# cache_peer proxy1.us.webscanningservice.com parent 3128 0000 default no-query no-digest
# cache_peer proxy1.hk.webscanningservice.com parent 3128 0000 default no-query no-digest
# cache_peer proxy1.eu.webscanningservice.com parent 3128 0000 default no-query no-digest
# disable local cache digest generation
digest_generation off
# TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?
#define the all here as it will be used by the no_cache
acl all src 0.0.0.0/0.0.0.0
# TAG: no_cache
cache deny all
# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------
# TAG: maximum_object_size (bytes)
maximum_object_size 0 KB
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------
log_uses_indirect_client on
# Enable Log Rotation
logfile_rotate 7
# TAG: emulate_httpd_log on|off
emulate_httpd_log on
# TAG: debug_options
debug_options ALL,1
#debug_options ALL,9
# By default, the store and access log is disabled to avoid large size log files
cache_store_log none
access_log none
useragent_log none
#cache_log c:/ClientSiteProxy/var/logs/cache.log
#access_log C:/ClientSiteProxy/var/logs/access.log
cache_log D:/SquidDefinitions/logs/cache.log
access_log D:/SquidDefinitions/logs/access.log
#useragent_log c:/ClientSiteProxy/var/logs/useragent.log
# IGNORE EXPECT 100 HTTP HEADER
# -----------------------------------------------------------------------------
ignore_expect_100 on
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------
# TAG: auth_param
auth_param ntlm program c:/clientsiteproxy/libexec/mswin_ntlm_auth.exe
auth_param ntlm children 80
auth_param ntlm keep_alive on
# auth_param negotiate program c:/clientsiteproxy/libexec/mswin_negotiate_auth.exe
auth_param negotiate children 80
auth_param basic program c:/clientsiteproxy/libexec/ncsa_auth.exe C:/clientsiteproxy/etc/passwd.txt
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# Use this tag to specify how long the IP authentication credentials will be cached
# If multiple users connect from a single IP (ie: terminal services) comment out the
# following line and uncomment the next.
#authenticate_ip_shortcircuit_ttl 30 seconds
authenticate_ip_shortcircuit_access none
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
# TAG: refresh_pattern
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# TIMEOUTS
# -----------------------------------------------------------------------------
read_timeout 15 minutes
# X-Saucer
# ------------------------------------------------------------------------------
# TAG: fqdn_xsaucer
# Turn this on if you wish to use fully qualified domain names instead of
# user names in X-Saucer. To do this Squid does a DNS lookup of all
# IP's connecting to it. This can (in some situations) increase
# latency, which makes your cache seem slower for interactive
# browsing. By default, it is off.
# The FQDN will be prepended with a backslash and converted to lower case since
# ClientNet only accepts custom user name with backslash. If log_fqdn is
# also enabled, the FQDN will be logged in access.log.
# For example, an FQDN of www.XYz.com in access.log will require specifying
# a custom user "\www.xyz.com" (no quotes) in ClientNet.
#
# fqdn_xsaucer off
# TAG: hash_username_xsaucer
# Turn this on if you wish to apply hex representative of hashed(SHA-1)
# to domain name\user name (before encryption) in X-Saucer instead.
#
# hash_username_xsaucer off
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
# TAG: acl
# TAG: disable password on conf file
#cachemgr_passwd none config
acl SSL_ports port 443 563 5443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 5443 # https, snews, medicare
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl_uses_indirect_client on
acl CONNECT method CONNECT
acl authproxy proxy_auth REQUIRED
# the IP list of "acl our_networks src" may potentially be long while the maximum number of characters supported by squid is around 500.
# therefore, you should try to splite long ip list to multiple lines for readabilty and maintenability, see the following lines as an example:
# acl our_networks src x.x.x.x/z x.x.x.x/x x.x.x.x/z ....
# acl our_networks src y.y.y.y/z y.y.y.y/y y.y.y.y/z ....
acl our_networks src 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 169.254.0.0/16
# __________________________________________________________________________
acl HEAD method HEAD
follow_x_forwarded_for allow f5lb_prxy
# TAG: http_access
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
# __________________________________________________________________________
#http_access allow CONNECT SSL_ports
# __________________________________________________________________________
http_access deny CONNECT !SSL_ports
#Allow the header as IE does not process the Head authentication
http_access allow HEAD
http_access deny !our_networks
http_access allow Smartconnect
# __________________________________________________________________________
# __________________________________________________________________________
# NTLM bypasses and specific domain bypass come after this comment block.
# http_access = NTLM bypass. always_direct = bypasses the MessageLabs proxy
# and sends the connection directly. The first sample below creates a bypass
# named 'uniqueBypass1' which bypasses NTLM and sends the connection directly
# for sample.com. The second sample will bypass NTLM authentication for
# connections to sample.com.
# Begin Sample 1:
#acl uniqueBypass1 dstdomain sample.com
# http_access allow uniqueBypass1
# always_direct allow uniqueBypass1
# Begin Sample 2:
#acl NTLMBypass dstdomain sample.com
#http_access allow NTLMBypass
http_access allow authproxy
http_access deny all
# TAG: icp_access
icp_access allow all
# TAG: httpd_suppress_version_string on|off
# Suppress Squid version string info in HTTP headers and HTML error pages.
#
httpd_suppress_version_string on
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
# TAG: visible_hostname
visible_hostname ClientSiteProxy
# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# -----------------------------------------------------------------------------
# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------
# MISCELLANEOUS
# -----------------------------------------------------------------------------
# Forwarding proxy client IP addresses in X-Forwarded-For header.
# Disabled to prevent leakage of internal network configuration details.
forwarded_for truncate
# Do not reveal CSP version in "Via" HTTP header
header_access Via deny all
# TAG: never_direct
never_direct allow all
# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------
# TAG: coredump_dir
# completely disable checks for cache consistency (and/or garbage collection) and
# there will be no need to initialize cache dirs which amount to be over 2000 dir.
cache_dir null c:/ClientSiteProxy
coredump_dir c:/clientsiteproxy/var/cache
http_port 80
http_port 8080
On Tuesday, 1 March 2016 11:49 AM, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote:
Can you send me or the list your squid.conf?
Also are you using SSl-BUMP? is this a https site?
Eliezer
On 01/03/2016 00:36, Ryan Slick wrote:
> Hi Guys,
>
> So here is an issue I am having,
>
> there is a external website some of our users need to access. When
> accessing via the Squid proxy, the site throws this error on the page:
>
> iisnode encountered an error when processing the request.
> HRESULT: 0xb
> HTTP status: 500
> HTTP reason: Internal Server Error
> You are receiving this HTTP 200 response because
> system.webServer/iisnode/@devErrorsEnabled
> <mailto:system.webServer/iisnode/@devErrorsEnabled> configuration
> setting is 'true'.
>
> We configured on a pc that goes directly to the internet the page loads
> fine, when going via a bluecoat proxy on a different network it loads
> fine, When I put in a direct access rule on squid the error is still thrown.
>
> I am convinced the issue is on the external webserver, however it would
> appear squid is not playing nice with it, is there anything I can do to
> attempt to fix it? Now the users have tested on their remote devices and
> from home they are convinced the issue lies on the proxy.
>
> regards
>
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
>
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
Also are you using SSl-BUMP? is this a https site?
Eliezer
On 01/03/2016 00:36, Ryan Slick wrote:
> Hi Guys,
>
> So here is an issue I am having,
>
> there is a external website some of our users need to access. When
> accessing via the Squid proxy, the site throws this error on the page:
>
> iisnode encountered an error when processing the request.
> HRESULT: 0xb
> HTTP status: 500
> HTTP reason: Internal Server Error
> You are receiving this HTTP 200 response because
> system.webServer/iisnode/@devErrorsEnabled
> <mailto:system.webServer/iisnode/@devErrorsEnabled> configuration
> setting is 'true'.
>
> We configured on a pc that goes directly to the internet the page loads
> fine, when going via a bluecoat proxy on a different network it loads
> fine, When I put in a direct access rule on squid the error is still thrown.
>
> I am convinced the issue is on the external webserver, however it would
> appear squid is not playing nice with it, is there anything I can do to
> attempt to fix it? Now the users have tested on their remote devices and
> from home they are convinced the issue lies on the proxy.
>
> regards
>
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
>
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
