Hi Squid Users,
With Squid 4.6 I cannot open these 2 domains when SSL bump is enabled:
https://www.hays.de
https://www.plantronics.com
Both are showing me a different type of error, details below.
I could not find any HPKP site or subdomain there, so I guess Squid has another problem with these domains.
Can somebody explain to me how I should debug that correctly, to open a bug report?
### Bump Settings:
acl domains_dont_sslbump ssl::server_name_regex "/etc/squid/ka/domains_dont_sslbump.acl"
acl domains_dont_sslbump ssl::server_name_regex "/etc/squid/blacklists/blacklist_ut1/blacklists/bank/domains"
acl domains_dont_sslbump ssl::server_name_regex "/etc/squid/blacklists/blacklist_shallalist/BL/finance/banking/domains"
acl domains_dont_sslbump ssl::server_name_regex "/etc/squid/blacklists/blacklist_shallalist/BL/finance/other/domains"
http_port proxy02:8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/certs/cert.pem key=/etc/squid/certs/key.ohnersa.pem
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
always_direct allow all
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all !domains_dont_sslbump
#### hays.de:
1555577795.968 1 172.16.x.x TCP_DENIED/407 4995 GET http://hays.de/ - HIER_NONE/- text/html
1555577796.067 63 172.16.x.x TCP_MISS/301 465 GET http://hays.de/ user1 HIER_DIRECT/149.126.72.70 -
1555577796.083 0 172.16.x.x TCP_DENIED/407 4124 CONNECT hays.de:443 - HIER_NONE/- text/html
1555577796.101 1 172.16.x.x TCP_DENIED/407 4460 CONNECT hays.de:443 - HIER_NONE/- text/html
1555577796.202 86 172.16.x.x NONE/200 0 CONNECT hays.de:443 user1 HIER_DIRECT/149.126.72.70 -
1555577796.302 15 172.16.x.x TCP_MISS/301 345 GET https://hays.de/ user1 HIER_DIRECT/149.126.72.70 -
1555577796.320 0 172.16.x.x TCP_DENIED/407 4140 CONNECT www.hays.de:443 - HIER_NONE/- text/html
1555577796.333 1 172.16.x.x TCP_DENIED/407 4476 CONNECT www.hays.de:443 - HIER_NONE/- text/html
1555577796.507 158 172.16.x.x NONE/200 0 CONNECT www.hays.de:443 user1 HIER_DIRECT/149.126.77.70 -
1555577796.602 30 172.16.x.x TCP_MISS_ABORTED/000 0 GET https://www.hays.de/ user1 HIER_DIRECT/149.126.77.70 -
Error displayed on https://www.hays.de (from the browser, Chrome or Firefox):
Chrome: ERR_EMPTY_RESPONSE
Firefox: Secure Connection Failed // An error occurred during a connection to www.hays.de. // The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. // Please contact the website owners to inform them of this problem.
Header Response while this error message is displayed:
HTTP/1.1 200 Connection established
Server: squid
Mime-Version: 1.0
Date: Thu, 18 Apr 2019 09:05:28 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3759
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate: NTLM VNTUAACAAAADAAMAD(...)
X-Cache: MISS from proxy02
X-Cache-Lookup: NONE from proxy02:8080
Via: 1.1 proxy02 (squid)
Connection: keep-alive
#### plantronics.com
1555577912.476 391 172.16.x.x TCP_MISS/301 869 GET http://plantronics.com/ user1 HIER_DIRECT/198.231.10.19 text/html
1555577912.514 0 172.16.x.x TCP_DENIED/407 4172 CONNECT www.plantronics.com:443 - HIER_NONE/- text/html
1555577912.529 1 172.16.x.x TCP_DENIED/407 4508 CONNECT www.plantronics.com:443 - HIER_NONE/- text/html
1555577912.864 324 172.16.x.x NONE/200 0 CONNECT www.plantronics.com:443 user1 HIER_DIRECT/54.192.94.216 -
1555577913.564 521 172.16.x.x TCP_MISS/403 745 GET https://www.plantronics.com/ user1 HIER_DIRECT/54.192.94.216 text/html
Error displayed on frontpage https://www.plantronics.com (from their Apache or Nginx):
Forbidden
You don't have permission to access /.noindex.html on this server.
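A triage sketch for the access.log excerpts in the post above, added here as an example and not part of the original message or of Squid: it pairs each accepted CONNECT with the decrypted requests logged afterwards and lists the ones that failed. The function name and the failure rule (status 000, or 4xx/5xx other than 407) are assumptions; the sample lines are copied from the post.

```python
import re
from urllib.parse import urlsplit

# Squid native access.log: time elapsed client code/status bytes method URL user hier/peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<ms>\d+)\s+(?P<client>\S+)\s+(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<type>\S+)$"
)

# Log lines copied from the post (client address already masked there)
SAMPLE = """\
1555577796.202 86 172.16.x.x NONE/200 0 CONNECT hays.de:443 user1 HIER_DIRECT/149.126.72.70 -
1555577796.302 15 172.16.x.x TCP_MISS/301 345 GET https://hays.de/ user1 HIER_DIRECT/149.126.72.70 -
1555577796.333 1 172.16.x.x TCP_DENIED/407 4476 CONNECT www.hays.de:443 - HIER_NONE/- text/html
1555577796.507 158 172.16.x.x NONE/200 0 CONNECT www.hays.de:443 user1 HIER_DIRECT/149.126.77.70 -
1555577796.602 30 172.16.x.x TCP_MISS_ABORTED/000 0 GET https://www.hays.de/ user1 HIER_DIRECT/149.126.77.70 -
1555577912.529 1 172.16.x.x TCP_DENIED/407 4508 CONNECT www.plantronics.com:443 - HIER_NONE/- text/html
1555577912.864 324 172.16.x.x NONE/200 0 CONNECT www.plantronics.com:443 user1 HIER_DIRECT/54.192.94.216 -
1555577913.564 521 172.16.x.x TCP_MISS/403 745 GET https://www.plantronics.com/ user1 HIER_DIRECT/54.192.94.216 text/html
"""

def failed_bumped_requests(log_text):
    """Return (host, squid_code, http_status, peer) for failed HTTPS requests inside an accepted tunnel."""
    tunnels = set()   # (client, host) pairs whose CONNECT was answered with 200
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the native log format
        status = int(m["status"])
        if m["method"] == "CONNECT":
            if status == 200:
                tunnels.add((m["client"], m["url"].rsplit(":", 1)[0]))
            continue  # a 407 on CONNECT is the proxy authentication challenge
        parts = urlsplit(m["url"])
        # An https:// request line is logged only once Squid has decrypted the tunnel
        failed = status == 0 or (status >= 400 and status != 407)
        if parts.scheme == "https" and (m["client"], parts.hostname) in tunnels and failed:
            findings.append((parts.hostname, m["code"], status, m["peer"]))
    return findings

if __name__ == "__main__":
    for finding in failed_bumped_requests(SAMPLE):
        print(finding)
```

Status 000 means no reply was delivered to the client, while the 403 carries a reply from the origin server, so the two entries point at different stages of the transaction.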