Hai, You missed a few points in your config. And thank you for the music link, something different then the radio here. ;-) Ive installed a debian stretch server. This is the debian default config with 2 modifications. ## Squid 3.5.23 ## First enable the acl for YOUR localnet ( here i enable all 5) : acl localnet src 10.0.0.0/8 # RFC1918 possible internal network : acl localnet src 172.16.0.0/12 # RFC1918 possible internal network : acl localnet src 192.168.0.0/16 # RFC1918 possible internal network : acl localnet src fc00::/7 # RFC 4193 local private network range : acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines : acl SSL_ports port 443 ## PS in your config you did miss to add the extra SSL_Ports also to the Safe_port. : acl Safe_ports port 80 # http : acl Safe_ports port 21 # ftp : acl Safe_ports port 443 # https : acl Safe_ports port 70 # gopher : acl Safe_ports port 210 # wais : acl Safe_ports port 1025-65535 # unregistered ports : acl Safe_ports port 280 # http-mgmt : acl Safe_ports port 488 # gss-http : acl Safe_ports port 591 # filemaker : acl Safe_ports port 777 # multiling http : acl CONNECT method CONNECT : http_access deny !Safe_ports : http_access deny CONNECT !SSL_ports : http_access allow localhost manager : http_access deny manager : http_access allow localnet ## And here you missed the "allow localnet" : http_access allow localhost : http_access deny all : http_port 3128 : coredump_dir /var/spool/squid : refresh_pattern ^ftp: 1440 20% 10080 : refresh_pattern ^gopher: 1440 0% 1440 : refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 : refresh_pattern . 0 20% 4320 As extra test. I've installed squid 4.2 rebuilded from debian sid. This is the exact config used, the used script is below the email. I made 2 modifications. Configuration File: /etc/squid/conf.d/debian.conf (depth 1) : enabled localnet Configuration File: /etc/squid/conf.d/headers.conf (depth 1): added your headers. : acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN) : acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN) : acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN) : acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines : acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN) : acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN) : acl localnet src fc00::/7 # RFC 4193 local private network range : acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines : acl SSL_ports port 443 : acl Safe_ports port 80 # http : acl Safe_ports port 21 # ftp : acl Safe_ports port 443 # https : acl Safe_ports port 70 # gopher : acl Safe_ports port 210 # wais : acl Safe_ports port 1025-65535 # unregistered ports : acl Safe_ports port 280 # http-mgmt : acl Safe_ports port 488 # gss-http : acl Safe_ports port 591 # filemaker : acl Safe_ports port 777 # multiling http : acl CONNECT method CONNECT : http_access deny !Safe_ports : http_access deny CONNECT !SSL_ports : http_access allow localhost manager : http_access deny manager : include /etc/squid/conf.d/* Configuration File: /etc/squid/conf.d/debian.conf (depth 1) : logfile_rotate 0 : http_access allow localnet Configuration File: /etc/squid/conf.d/headers.conf (depth 1) : request_header_access From deny all : request_header_access Referer deny all : request_header_access Server deny all : request_header_access WWW-Authenticate deny all : request_header_access Link deny all : forwarded_for delete : http_access allow localhost : http_access deny all : http_port 3128 : coredump_dir /var/spool/squid : refresh_pattern ^ftp: 1440 20% 10080 : refresh_pattern ^gopher: 1440 0% 1440 : refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 : refresh_pattern . 0 20% 4320 If you want the 4.2 for stretch, you can find it here : https://downloads.van-belle.nl/squid/squid4.2/ Buildlogs are all included, or rebuild it yourself from sid/testing. Its a pretty easy rebuild imo. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: squid-users > [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] Namens > Dörfler, Andreas > Verzonden: dinsdag 18 september 2018 14:07 > Aan: squid-users@xxxxxxxxxxxxxxxxxxxxx > Onderwerp: TCP_MISS/502 - audio stream - none > default http ports > > hello there, > > i try to get mp3/audio streams working on a "kinda default" debian > stretch installation. > > after i failed with the default debian squid configuration, i > tried the > working config from the old proxy (Squid Cache: Version 3.1.20), > but no luck either. > > audio streams work when it's a web-based radio on port > 80/443, but once > the radio leaves the default ports, it stops working. > > since the new squid is 4 minor releases above the old server, i think > something major changed, but i have no clue, i touch the squid > configuration only once every few years... > > > ###> > Squid Cache: Version 3.5.23 > <### > > config below is the one i copied from the old squid server, > but as said, > it won't work. security is handled by the firewall, so "allow > all" isn't > a issue. > > ###>config > > acl manager proto cache_object > acl localhost src 127.0.0.1/32 ::1 > acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 > acl SSL_ports port 443 9418 5001 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localhost > http_access allow all > http_port 8080 > access_log /var/log/squid/access.log squid > debug_options ALL,1 > coredump_dir /var/spool/squid > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > request_header_access From deny all > request_header_access Referer deny all > request_header_access Server deny all > request_header_access WWW-Authenticate deny all > request_header_access Link deny all > forwarded_for delete > > <### > > > ###>example stream > https://tunein.com/radio/Americana-Breakdown-s281469/ > <### > > ###squid access.log errors > > 172.16.x.x TCP_MISS/502 4307 GET http://91.121.164.210:8104/ - > HIER_DIRECT/91.121.164.210 text/html > > 172.16.x.x TCP_MISS/502 4312 GET http://91.121.164.210:8104/; - > HIER_DIRECT/91.121.164.210 text/html > <### > > and ideas? > > thanks in advance, > andy > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
