Peace,
On 11/4/22 15:46, Alex Rousskov wrote:
On 11/4/22 02:31, Majed Zouhairy wrote:
with
logformat squidx %err_code/%err_detail
access_log xsquid
squid stopped logging completely
Please try to follow the earlier sketch more closely: Keep your usual
logformat codes while adding %err_code/%err_detail and keep your usual
access_log destination when specifying the custom logformat name
(xsquid). Use squid.conf.documented as a syntax reference for these
directives. Always monitor cache.log (or equivalent) for important
messages.
I think i am becoming Biden, i read the squid documented and didn't get
it, am i supposed to substitute %err_code/%err_detail with something
like [http:]>%h for example?
here is what cache.log displayed when i changed config to:
logformat squidx %err_code/%err_detail
access_log daemon:/var/log/squid/accessX.log squidx
acces.log stopped working and again cache.log displayed:
2022/11/09 16:58:36| SendEcho ERROR: sending to ICMPv6 packet to
[2a00:1450:4010:c02::5f]: (101) Network is unreachable
2022/11/09 16:58:40| SendEcho ERROR: sending to ICMPv6 packet to
[2a00:1450:4010:c0e::c6]: (101) Network is unreachable
2022/11/09 16:58:48| SendEcho ERROR: sending to ICMPv6 packet to
[2a00:1450:4010:c0d::66]: (101) Network is unreachable
2022/11/09 16:58:58| SendEcho ERROR: sending to ICMPv6 packet to
[2a00:1148:db00:0:b0b0::1]: (101) Network is unreachable
2022/11/09 16:59:29 kid1| Preparing for shutdown after 593 requests
2022/11/09 16:59:29 kid1| Waiting 30 seconds for active connections to
finish
2022/11/09 16:59:29 kid1| Killing master process, pid 22616
2022/11/09 16:59:29 kid1| Closing HTTP(S) port [::]:8080
2022/11/09 16:59:29 kid1| Closing Pinger socket on FD 46
2022/11/09 16:59:29 kid1| Preparing for shutdown after 593 requests
2022/11/09 16:59:29 kid1| Waiting 30 seconds for active connections to
finish
2022/11/09 16:59:29 kid1| WARNING: sslcrtd_program #Hlpr1 exited
current master transaction: master85
2022/11/09 16:59:29 kid1| Too few sslcrtd_program processes are running
(need 1/32)
current master transaction: master85
2022/11/09 16:59:29 kid1| Starting new helpers
current master transaction: master85
2022/11/09 16:59:29 kid1| helperOpenServers: Starting 1/32
'security_file_certgen' processes
current master transaction: master85
2022/11/09 16:59:29 kid1| WARNING: sslcrtd_program #Hlpr3 exited
2022/11/09 16:59:29 kid1| Too few sslcrtd_program processes are running
(need 1/32)
2022/11/09 16:59:29 kid1| storeDirWriteCleanLogs: Starting...
2022/11/09 16:59:29 kid1| 65536 entries written so far.
2022/11/09 16:59:29 kid1| Finished. Wrote 90620 entries.
2022/11/09 16:59:29 kid1| Took 0.10 seconds (914392.96 entries/sec).
2022/11/09 16:59:29 kid1| FATAL: The sslcrtd_program helpers are
crashing too rapidly, need help!
with
ssl_bump splice all
now the site works
OK, so now we know that something breaks around SslBump step1. The next
task is (still) getting %err_code/%err_detail working. If that is not
enough, then you will also need to collect debugging logs.
HTH,
Alex.
On 11/3/22 16:05, Alex Rousskov wrote:
On 11/3/22 05:43, Majed Zouhairy wrote:
i have 2 proxies, one with ssl bump and one without, there is a
internal site that opens only on the no ssl bump proxy.
on the ssl bump proxy it displays:
What does Squid say in access.log for this problematic request?
Please configure Squid to log %err_code/%err_detail before
answering this question. For example:
logformat xsquid ...your regular %codes... %err_code/%err_detail
access_log ... xsquid
Does the site works if you temporary replace your ssl_bump rules with:
ssl_bump peek all
ssl_bump splice all
Does the site works if you temporary replace your ssl_bump rules with:
ssl_bump peek tls_s1_connect
ssl_bump splice all
Alex.
Не удается получить доступ к сайтуВеб-страница по адресу (i was
unable to gain access to website:)
https://test-auth.ias.ckko.nl/oauth/authorize?response_type=code&client_id=agoh1xHNNwaLZ65uspARyhYj7V8GTWla&state=guest&authentication=usbtoken&redirect_uri=https%3A%2F%2Fais.skko.by%2Foauth2%2Fcallback, возможно, временно недоступна или постоянно перемещена по новому адресу. (it is possible that it can not bbe reached or it has been permanently relocated to a new address)
ERR_TUNNEL_CONNECTION_FAILED
the site needs special configurations to run:
it needs a local proxy to run, avtunproxy.nl
in the internet explorer settings:
the second box in the proxy settings needs to be checked called
the "use the scenario for automatic configuration"
in it, the proxy address is plugged
http://127.0.0.1:10224/proxy.pac
my bump settings are as follows:
acl tls_s1_connect at_step SslBump1
acl tls_s2_client_hello at_step SslBump2
acl tls_s3_server_hello at_step SslBump3
# define acls for sites that must not be actively bumped
acl tls_allowed_hsts ssl::server_name .akamaihd.net
acl tls_allowed_hsts ssl::server_name .proxy.ckko.nl
acl tls_server_is_bank ssl::server_name
"/usr/local/ufdbguard/blacklists/finance/domains.squidsplice"
acl tls_to_splice any-of tls_allowed_hsts
tls_server_is_bank
# TLS/SSL bumping steps
ssl_bump peek tls_s1_connect # peek
at TLS/SSL connect data
ssl_bump splice tls_to_splice #
splice some: no active bump
ssl_bump stare all #
stare(peek) at server
#
properties of the webserver
ssl_bump bump
contents of the
/usr/local/ufdbguard/blacklists/finance/domains.squidsplice file:
.ckko.nl
.ias.ckko.nl
.test-auth.ias.ckko.nl
.config.avtunproxy.nl
.rand.avtunproxy.nl
.avast.nl
.dev.avast.nl
.ncis.nl
.cdn.nlpost.nl
those are all the sites that are logged in on the non ssl bump
proxy when ias.ckko.nl is accessed
despite all this configuration, the site does not open. in
ufdbguard every site from the user is a pass.
in avtunproxy log :
2022/11/03 12:22:17.087001 |INF| [UPDATER] [TrustFirmware]
fetching https://ckko.nl/upload/certificates/8.crl
2022/11/03 12:28:34.634001 |ERR| [rid=ab7a9b1c9f39fb3e]
[addr=127.0.0.1:10523] [PROXY parent=proxy.ckko.nl:8080] HTTP 500
- EOF
2022/11/03 12:28:34.635001 |INF| [rid=ab7a9b1c9f39fb3e]
[addr=127.0.0.1:10523] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 14.000000 ms
2022/11/03 12:28:34.663001 |ERR| [rid=47fba344ff078bcf]
[addr=127.0.0.1:10526] [PROXY parent=proxy.ckko.nl:8080] HTTP 500
- read tcp 192.168.2.5:10527->10.0.0.18:8080: wsarecv: An existing
connection was forcibly closed by the remote host.
2022/11/03 12:28:34.664001 |INF| [rid=47fba344ff078bcf]
[addr=127.0.0.1:10526] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 17.000000 ms
2022/11/03 12:28:35.723001 |ERR| [rid=3f5ccf39ef0ae021]
[addr=127.0.0.1:10529] [PROXY parent=proxy.ckko.nl:8080] HTTP 500
- EOF
2022/11/03 12:28:35.723001 |INF| [rid=3f5ccf39ef0ae021]
[addr=127.0.0.1:10529] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 19.000000 ms
2022/11/03 12:28:35.748001 |ERR| [rid=c48d84308d001f59]
[addr=127.0.0.1:10531] [PROXY parent=proxy.ckko.nl:8080] HTTP 500
- EOF
2022/11/03 12:28:35.748001 |INF| [rid=c48d84308d001f59]
[addr=127.0.0.1:10531] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 12.000000 ms
2022/11/03 12:28:35.752001 |ERR| [rid=d181037283b2a34a]
[addr=127.0.0.1:10532] [PROXY parent=proxy.ckko.nl:8080] HTTP 500
- EOF
2022/11/03 12:28:35.752001 |INF| [rid=d181037283b2a34a]
[addr=127.0.0.1:10532] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 15.000000 ms
2022/11/03 12:28:40.775001 |ERR| [rid=27f00eecdbe53178]
[addr=127.0.0.1:10537] [PROXY parent=proxy.ckko.nl:8080] HTTP 500
- read tcp 192.168.2.5:10538->10.0.0.18:8080: wsarecv: An existing
connection was forcibly closed by the remote host.
2022/11/03 12:28:40.775001 |INF| [rid=27f00eecdbe53178]
[addr=127.0.0.1:10537] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 19.000000 ms
2022/11/03 12:28:40.815001 |ERR| [rid=79611bea389d7c9c]
[addr=127.0.0.1:10539] [PROXY parent=proxy.ckko.nl:8080] HTTP 500
- EOF
2022/11/03 12:28:40.816001 |INF| [rid=79611bea389d7c9c]
[addr=127.0.0.1:10539] [PROXY parent=proxy.ckko.nl:8080] CONNECT
test-oauth.ais.ckko.nl:443 -- 500 -- 14.000000 ms
2022/11/03 12:28:42.188001 |INF| [rid=7a104242baf9a559]
[addr=127.0.0.1:10541] GET /static/jquery.js - HTTP 200 - OK
2022/11/03 12:28:42.190001 |INF| [rid=27a7baff0fe5d70e]
[addr=127.0.0.1:10542] GET /static/bootstrap.js - HTTP 200 - OK
2022/11/03 12:28:42.192001 |INF| [rid=dbddaaa3f7759903]
[addr=127.0.0.1:10459] GET /static/bootstrap.css - HTTP 200 - OK
2022/11/03 12:28:42.287001 |INF| [rid=7e81e98ea9c70d3f]
[addr=127.0.0.1:10544] GET /api/v2/log
what is the solution?
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
