On 11/3/22 10:17, Majed Zouhairy wrote:
here is the log:
1667471160.808 77 192.168.2.5 NONE_NONE/200 0 CONNECT ckko.nl:443 - HIER_NONE/- -
i added the following line to squid:
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a
%mt %err_code/%err_detail
Please do not redefine built-in formats like "squid". As you can see,
your adjustment had no effect -- the log records do not end with -/- (or
better). Follow the xsquid sketch (that I shared earlier) instead.
with either
ssl_bump peek all
ssl_bump splice all
or
ssl_bump peek tls_s1_connect
ssl_bump splice all
it still does not work.
Interesting. How about just:
ssl_bump splice all
... which should splice the TCP connections before any TLS work begins.
Alex.
On 11/3/22 16:05, Alex Rousskov wrote:
On 11/3/22 05:43, Majed Zouhairy wrote:
i have 2 proxies, one with ssl bump and one without, there is a
internal site that opens only on the no ssl bump proxy.
on the ssl bump proxy it displays:
What does Squid say in access.log for this problematic request? Please
configure Squid to log %err_code/%err_detail before answering this
question. For example:
logformat xsquid ...your regular %codes... %err_code/%err_detail
access_log ... xsquid
Does the site works if you temporary replace your ssl_bump rules with:
ssl_bump peek all
ssl_bump splice all
Does the site works if you temporary replace your ssl_bump rules with:
ssl_bump peek tls_s1_connect
ssl_bump splice all
Alex.
Не удается получить доступ к сайтуВеб-страница по адресу (i was
unable to gain access to website:)
https://test-auth.ias.ckko.nl/oauth/authorize?response_type=code&client_id=agoh1xHNNwaLZ65uspARyhYj7V8GTWla&state=guest&authentication=usbtoken&redirect_uri=https%3A%2F%2Fais.skko.by%2Foauth2%2Fcallback,
возможно, временно недоступна или постоянно перемещена по новому
адресу. (it is possible that it can not bbe reached or it has been
permanently relocated to a new address)
ERR_TUNNEL_CONNECTION_FAILED
the site needs special configurations to run:
it needs a local proxy to run, avtunproxy.nl
in the internet explorer settings:
the second box in the proxy settings needs to be checked called the
"use the scenario for automatic configuration"
in it, the proxy address is plugged
http://127.0.0.1:10224/proxy.pac
my bump settings are as follows:
acl tls_s1_connect at_step SslBump1
acl tls_s2_client_hello at_step SslBump2
acl tls_s3_server_hello at_step SslBump3
# define acls for sites that must not be actively bumped
acl tls_allowed_hsts ssl::server_name .akamaihd.net
acl tls_allowed_hsts ssl::server_name .proxy.ckko.nl
acl tls_server_is_bank ssl::server_name
"/usr/local/ufdbguard/blacklists/finance/domains.squidsplice"
acl tls_to_splice any-of tls_allowed_hsts tls_server_is_bank
# TLS/SSL bumping steps
ssl_bump peek tls_s1_connect # peek at
TLS/SSL connect data
ssl_bump splice tls_to_splice # splice
some: no active bump
ssl_bump stare all #
stare(peek) at server
# properties
of the webserver
ssl_bump bump
contents of the
/usr/local/ufdbguard/blacklists/finance/domains.squidsplice file:
.ckko.nl
.ias.ckko.nl
.test-auth.ias.ckko.nl
.config.avtunproxy.nl
.rand.avtunproxy.nl
.avast.nl
.dev.avast.nl
.ncis.nl
.cdn.nlpost.nl
those are all the sites that are logged in on the non ssl bump proxy
when ias.ckko.nl is accessed
despite all this configuration, the site does not open. in ufdbguard
every site from the user is a pass.
in avtunproxy log :
2022/11/03 12:22:17.087001 |INF| [UPDATER] [TrustFirmware] fetching
https://ckko.nl/upload/certificates/8.crl
2022/11/03 12:28:34.634001 |ERR| [rid=ab7a9b1c9f39fb3e]
[addr=127.0.0.1:10523] [PROXY parent=proxy.ckko.nl:8080] HTTP 500 - EOF
2022/11/03 12:28:34.635001 |INF| [rid=ab7a9b1c9f39fb3e]
[addr=127.0.0.1:10523] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 14.000000 ms
2022/11/03 12:28:34.663001 |ERR| [rid=47fba344ff078bcf]
[addr=127.0.0.1:10526] [PROXY parent=proxy.ckko.nl:8080] HTTP 500 -
read tcp 192.168.2.5:10527->10.0.0.18:8080: wsarecv: An existing
connection was forcibly closed by the remote host.
2022/11/03 12:28:34.664001 |INF| [rid=47fba344ff078bcf]
[addr=127.0.0.1:10526] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 17.000000 ms
2022/11/03 12:28:35.723001 |ERR| [rid=3f5ccf39ef0ae021]
[addr=127.0.0.1:10529] [PROXY parent=proxy.ckko.nl:8080] HTTP 500 - EOF
2022/11/03 12:28:35.723001 |INF| [rid=3f5ccf39ef0ae021]
[addr=127.0.0.1:10529] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 19.000000 ms
2022/11/03 12:28:35.748001 |ERR| [rid=c48d84308d001f59]
[addr=127.0.0.1:10531] [PROXY parent=proxy.ckko.nl:8080] HTTP 500 - EOF
2022/11/03 12:28:35.748001 |INF| [rid=c48d84308d001f59]
[addr=127.0.0.1:10531] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 12.000000 ms
2022/11/03 12:28:35.752001 |ERR| [rid=d181037283b2a34a]
[addr=127.0.0.1:10532] [PROXY parent=proxy.ckko.nl:8080] HTTP 500 - EOF
2022/11/03 12:28:35.752001 |INF| [rid=d181037283b2a34a]
[addr=127.0.0.1:10532] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 15.000000 ms
2022/11/03 12:28:40.775001 |ERR| [rid=27f00eecdbe53178]
[addr=127.0.0.1:10537] [PROXY parent=proxy.ckko.nl:8080] HTTP 500 -
read tcp 192.168.2.5:10538->10.0.0.18:8080: wsarecv: An existing
connection was forcibly closed by the remote host.
2022/11/03 12:28:40.775001 |INF| [rid=27f00eecdbe53178]
[addr=127.0.0.1:10537] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 19.000000 ms
2022/11/03 12:28:40.815001 |ERR| [rid=79611bea389d7c9c]
[addr=127.0.0.1:10539] [PROXY parent=proxy.ckko.nl:8080] HTTP 500 - EOF
2022/11/03 12:28:40.816001 |INF| [rid=79611bea389d7c9c]
[addr=127.0.0.1:10539] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 14.000000 ms
2022/11/03 12:28:42.188001 |INF| [rid=7a104242baf9a559]
[addr=127.0.0.1:10541] GET /static/jquery.js - HTTP 200 - OK
2022/11/03 12:28:42.190001 |INF| [rid=27a7baff0fe5d70e]
[addr=127.0.0.1:10542] GET /static/bootstrap.js - HTTP 200 - OK
2022/11/03 12:28:42.192001 |INF| [rid=dbddaaa3f7759903]
[addr=127.0.0.1:10459] GET /static/bootstrap.css - HTTP 200 - OK
2022/11/03 12:28:42.287001 |INF| [rid=7e81e98ea9c70d3f]
[addr=127.0.0.1:10544] GET /api/v2/log
what is the solution?
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users