On 2024-12-22 08:13, A. Pechenin wrote:
The reason and solution were not simple and obvious at first glance.
I have two providers accessing the gateway, the main and backup
channels, and automatic switching is configured when the connection on
the main channel is lost.
To check, I switched the proxy server to the second channel and the
problem with partial unavailability of Google services was solved.
I returned it back, used a simple formula in the configuration file with
subsequent partial adjustment of ipfw.
Glad you found a solution! Diagnosing problems related to CONNECT
tunnels is difficult because Squid (playing a role of a dumb TCP relay)
is often unaware of problems experienced by clients and origin servers.
# Google via ISP2
acl google dstdomain .google.com
tcp_outgoing_address REAL_IP_ISP2 google
Please note that the above configuration usually "works" but is
unreliable and unsupported: tcp_outgoing_address directive does not
support slow ACLs and your ACL named google is a slow ACL.
For a more reliable solution, consider annotating google-matching
transaction at http_access check time and then using those annotations
at tcp_outgoing_address check time. For a somewhat related example, look
for "markSpecial" in squid.conf.documented or search this mailing list
archives for annotate_transaction discussions.
HTH,
Alex.
сб, 21 дек. 2024 г. в 20:26, A. Pechenin <alexmrrc@xxxxxxxxx>:
This week, when connecting users through a proxy server, some Google
services became inaccessible, such as Calendar, Translator, user
profile.
When clicking on the services section in the browser on the Google
portal, the page does not open and then a connection error is
displayed. When directly going to the calendar section, the
connection also hangs for a long time without loading the page. At
the same time, the Google home page, mail, search work.
Transparent proxying is not used.
Viewing the proxy server logs did not add any understanding, all
requests are processed correctly and no errors or prohibitions are
observed. There are no other problems with the unavailability of any
sites.
When connecting directly (bypassing the proxy server), all Google
services work completely correctly.
The platform on which the problem was suddenly discovered:
FreeBSD 13.2-RELEASE-p9
Squid 6.6
A new separate server was deployed for objectivity and finding the
cause, but the problem was also reproduced there, its platform.
FreeBSD 13.4-RELEASE-p2
Squid 6.10
I tried using the default configuration file (recommended minimum
configuration) to eliminate the problem in my working squid.conf,
but the problem remained
I repeat, the problem reproduced suddenly, no changes were made to
the proxy server configuration on our side, no problems with Google
have arisen for many years. What should I pay attention to in the
Squid configuration? Any idea
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
