Thank you for your clarification.
But could you please explain in more detail and in my case what needs to be added to "strengthen and ensure" the operation of my solution?
The quote from the file
squid.conf.documented is not very clear to me.
# # # First, mark transactions accepted after aclX matched
# # acl markSpecial annotate_transaction special=true
# # http_access allow acl001
# # ...
# # http_access deny acl100
# # http_access allow aclX markSpecial
# # acl markSpecial annotate_transaction special=true
# # http_access allow acl001
# # ...
# # http_access deny acl100
# # http_access allow aclX markSpecial
вс, 22 дек. 2024 г. в 22:47, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>:
On 2024-12-22 08:13, A. Pechenin wrote:
> The reason and solution were not simple and obvious at first glance.
> I have two providers accessing the gateway, the main and backup
> channels, and automatic switching is configured when the connection on
> the main channel is lost.
> To check, I switched the proxy server to the second channel and the
> problem with partial unavailability of Google services was solved.
>
> I returned it back, used a simple formula in the configuration file with
> subsequent partial adjustment of ipfw.
Glad you found a solution! Diagnosing problems related to CONNECT
tunnels is difficult because Squid (playing a role of a dumb TCP relay)
is often unaware of problems experienced by clients and origin servers.
> # Google via ISP2
> acl google dstdomain .google.com
> tcp_outgoing_address REAL_IP_ISP2 google
Please note that the above configuration usually "works" but is
unreliable and unsupported: tcp_outgoing_address directive does not
support slow ACLs and your ACL named google is a slow ACL.
For a more reliable solution, consider annotating google-matching
transaction at http_access check time and then using those annotations
at tcp_outgoing_address check time. For a somewhat related example, look
for "markSpecial" in squid.conf.documented or search this mailing list
archives for annotate_transaction discussions.
HTH,
Alex.
> сб, 21 дек. 2024 г. в 20:26, A. Pechenin <alexmrrc@xxxxxxxxx>:
>
> This week, when connecting users through a proxy server, some Google
> services became inaccessible, such as Calendar, Translator, user
> profile.
>
> When clicking on the services section in the browser on the Google
> portal, the page does not open and then a connection error is
> displayed. When directly going to the calendar section, the
> connection also hangs for a long time without loading the page. At
> the same time, the Google home page, mail, search work.
>
> Transparent proxying is not used.
> Viewing the proxy server logs did not add any understanding, all
> requests are processed correctly and no errors or prohibitions are
> observed. There are no other problems with the unavailability of any
> sites.
>
> When connecting directly (bypassing the proxy server), all Google
> services work completely correctly.
> The platform on which the problem was suddenly discovered:
> FreeBSD 13.2-RELEASE-p9
> Squid 6.6
>
> A new separate server was deployed for objectivity and finding the
> cause, but the problem was also reproduced there, its platform.
> FreeBSD 13.4-RELEASE-p2
> Squid 6.10
>
> I tried using the default configuration file (recommended minimum
> configuration) to eliminate the problem in my working squid.conf,
> but the problem remained
>
> I repeat, the problem reproduced suddenly, no changes were made to
> the proxy server configuration on our side, no problems with Google
> have arisen for many years. What should I pay attention to in the
> Squid configuration? Any idea
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
