In access.log i do not observe any questionable recordings when reproducing the problem:
acl hasRequest has request
access_log daemon:/var/log/squid/access.log squid hasRequest
TCP_TUNNEL/200 39 CONNECT play.google.com:443 - HIER_DIRECT/216.58.212.174 -
TCP_TUNNEL/200 39 CONNECT www.gstatic.com:443 - HIER_DIRECT/142.250.185.195 -
TCP_TUNNEL/200 6623 CONNECT drive.google.com:443 - HIER_DIRECT/142.250.27.194 -
TCP_TUNNEL/200 13269 CONNECT waa-pa.clients6.google.com:443 - HIER_DIRECT/142.250.186.138 -
TCP_TUNNEL/200 39 CONNECT www.gstatic.com:443 - HIER_DIRECT/142.250.185.195 -
TCP_TUNNEL/200 6623 CONNECT drive.google.com:443 - HIER_DIRECT/142.250.27.194 -
TCP_TUNNEL/200 13269 CONNECT waa-pa.clients6.google.com:443 - HIER_DIRECT/142.250.186.138 -
Yes, such messages were present in the cache.log when the Google service
was running. I didn't attach any significant importance to them.
Probably not, rather than yes. Either these messages will appear in the cache.log with a delay.
вс, 22 дек. 2024 г. в 07:17, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>:
On 2024-12-21 12:26, A. Pechenin wrote:
> This week, when connecting users through a proxy server, some Google
> services became inaccessible, such as Calendar, Translator, user profile.
Do you use any ssl_bump directives? You have mentioned a test with
"default configuration file" below. That configuration file does not
have any ssl_bump directives. When testing with that default
configuration file, did you add any ssl_bump directives?
If you are not using SslBump, then suggestions regarding "splicing" do
not apply to your environment -- your Squid is already effectively
splicing all TLS connections. In this case, please clarify whether
"Operation timed out" failures that you have mentioned in your second
post are also reflected in access.log records. You have said that "all
requests are processed correctly and no errors or prohibitions are
observed", and I am trying to correlate that statement with those
timeout errors...
> 2024/12/21 21:54:57 kid1| conn43356657 local=MYREALIP:53130
> remote=142.250.186.142:443 HIER_DIRECT FD 121 flags=1:
> read/write failure: (60) Operation timed out
> current master transaction: master13542083
Do you know whether these timeout errors were present when everything
was working correctly?
Do you always see at least one such timeout error for every case when
"the page does not open and then a connection error is displayed"? In
other words, is there a strong correlation between client-side problems
and these timeout errors in cache.log?
Thank you,
Alex.
> When clicking on the services section in the browser on the Google
> portal, the page does not open and then a connection error is displayed.
> When directly going to the calendar section, the connection also hangs
> for a long time without loading the page. At the same time, the Google
> home page, mail, search work.
>
> Transparent proxying is not used.
> Viewing the proxy server logs did not add any understanding, all
> requests are processed correctly and no errors or prohibitions are
> observed. There are no other problems with the unavailability of any sites.
>
> When connecting directly (bypassing the proxy server), all Google
> services work completely correctly.
> The platform on which the problem was suddenly discovered:
> FreeBSD 13.2-RELEASE-p9
> Squid 6.6
>
> A new separate server was deployed for objectivity and finding the
> cause, but the problem was also reproduced there, its platform.
> FreeBSD 13.4-RELEASE-p2
> Squid 6.10
>
> I tried using the default configuration file (recommended minimum
> configuration) to eliminate the problem in my working squid.conf, but
> the problem remained
>
> I repeat, the problem reproduced suddenly, no changes were made to the
> proxy server configuration on our side, no problems with Google have
> arisen for many years. What should I pay attention to in the Squid
> configuration? Any idea
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
