Great Job sorry I assumed this was related to ssl bump issues. Sent from my iPhone > On Dec 22, 2024, at 11:47, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > On 2024-12-22 08:13, A. Pechenin wrote: >> The reason and solution were not simple and obvious at first glance. >> I have two providers accessing the gateway, the main and backup channels, and automatic switching is configured when the connection on the main channel is lost. >> To check, I switched the proxy server to the second channel and the problem with partial unavailability of Google services was solved. >> I returned it back, used a simple formula in the configuration file with subsequent partial adjustment of ipfw. > > Glad you found a solution! Diagnosing problems related to CONNECT tunnels is difficult because Squid (playing a role of a dumb TCP relay) is often unaware of problems experienced by clients and origin servers. > > >> # Google via ISP2 >> acl google dstdomain .google.com >> tcp_outgoing_address REAL_IP_ISP2 google > > Please note that the above configuration usually "works" but is unreliable and unsupported: tcp_outgoing_address directive does not support slow ACLs and your ACL named google is a slow ACL. > > For a more reliable solution, consider annotating google-matching transaction at http_access check time and then using those annotations at tcp_outgoing_address check time. For a somewhat related example, look for "markSpecial" in squid.conf.documented or search this mailing list archives for annotate_transaction discussions. > > > HTH, > > Alex. > > >> сб, 21 дек. 2024 г. в 20:26, A. Pechenin <alexmrrc@xxxxxxxxx>: >> This week, when connecting users through a proxy server, some Google >> services became inaccessible, such as Calendar, Translator, user >> profile. >> When clicking on the services section in the browser on the Google >> portal, the page does not open and then a connection error is >> displayed. When directly going to the calendar section, the >> connection also hangs for a long time without loading the page. At >> the same time, the Google home page, mail, search work. >> Transparent proxying is not used. >> Viewing the proxy server logs did not add any understanding, all >> requests are processed correctly and no errors or prohibitions are >> observed. There are no other problems with the unavailability of any >> sites. >> When connecting directly (bypassing the proxy server), all Google >> services work completely correctly. >> The platform on which the problem was suddenly discovered: >> FreeBSD 13.2-RELEASE-p9 >> Squid 6.6 >> A new separate server was deployed for objectivity and finding the >> cause, but the problem was also reproduced there, its platform. >> FreeBSD 13.4-RELEASE-p2 >> Squid 6.10 >> I tried using the default configuration file (recommended minimum >> configuration) to eliminate the problem in my working squid.conf, >> but the problem remained >> I repeat, the problem reproduced suddenly, no changes were made to >> the proxy server configuration on our side, no problems with Google >> have arisen for many years. What should I pay attention to in the >> Squid configuration? Any idea >> _______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> https://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > https://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
