Re: [squid-users] Q: How to set up squid for MSN messenger

From: Chris Selwyn <chris@dont-contact.us>
Date: Mon, 01 Dec 2003 09:25:28 +0000

Thanks for the reply...

I am behind a NAT router and it's running on RH8.0 and I have a DNS server
setup which serves addresses fine the rest of the time.
I can dig/nslookup the addresses that are being accessed.

I wondered whether it was a temporary thing but it's still happening this
morning.

I turned up the logging a bit and now I get the following in my cache log file

2003/12/01 09:10:00| fd_open FD 16 HTTP Request
2003/12/01 09:10:00| cbdataAdd: 0x84281e8
2003/12/01 09:10:00| cbdataLock: 0x84281e8
2003/12/01 09:10:00| commSetTimeout: FD 16 timeout 30
2003/12/01 09:10:00| aclMatchAclList: checking all
2003/12/01 09:10:00| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2003/12/01 09:10:00| aclMatchIp: '172.16.0.51' found
2003/12/01 09:10:00| aclMatchAclList: returning 1
2003/12/01 09:10:00| parseHttpRequest: req_hdr = {User-Agent: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; MSN Messenger 6.0.
0602)^M
Host: login.passport.com^M
Content-Length: 0^M
Proxy-Connection: Keep-Alive^M
Pragma: no-cache^M
^M
}
2003/12/01 09:10:00| parseHttpRequest: end = {}
2003/12/01 09:10:00| parseHttpRequest: prefix_sz = 243, req_line_sz = 41

Then it does its acl checking and a little while later I get...

2003/12/01 09:10:00| aclMatchAcl: checking 'acl passportdom dstdomain
.passport.com # Destination server from URL'
2003/12/01 09:10:00| aclMatchDomainList: checking 'login.passport.com'
2003/12/01 09:10:00| aclMatchDomainList: 'login.passport.com' found
2003/12/01 09:10:00| aclMatchAclList: returning 1
2003/12/01 09:10:00| cbdataUnlock: 0x8237e40
2003/12/01 09:10:00| aclCheck: match found, returning 1
2003/12/01 09:10:00| aclCheckCallback: answer=1
2003/12/01 09:10:00| cbdataValid: 0x84ed798
2003/12/01 09:10:00| The request CONNECT login.passport.com:443 is ALLOWED,
because it matched 'passportdom'
2003/12/01 09:10:00| cbdataAdd: 0x84edb10
2003/12/01 09:10:00| cbdataLock: 0x84ed798
2003/12/01 09:10:00| cbdataLock: 0x84edb10
2003/12/01 09:10:00| cbdataValid: 0x84edb10
2003/12/01 09:10:00| cbdataUnlock: 0x84ed798
2003/12/01 09:10:00| cbdataUnlock: 0x84281e8
2003/12/01 09:10:00| cbdataFree: 0x84ed9f0
2003/12/01 09:10:00| cbdataReallyFree: Freeing 0x84ed9f0
2003/12/01 09:10:00| cbdataValid: 0x823c0f0
2003/12/01 09:10:00| helperHandleRead: end of reply found
2003/12/01 09:10:00| cbdataValid: 0x84edb10
2003/12/01 09:10:00| cbdataValid: 0x84ed798
2003/12/01 09:10:00| cbdataUnlock: 0x84ed798
2003/12/01 09:10:00| aclMatchAclList: checking all
2003/12/01 09:10:00| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2003/12/01 09:10:00| aclMatchIp: '172.16.0.51' found
2003/12/01 09:10:00| aclMatchAclList: returning 1
2003/12/01 09:10:00| sslStart: 'CONNECT http.matson.stc.com:443'
2003/12/01 09:10:00| fd_open FD 19 http.matson.stc.com:443
2003/12/01 09:10:00| cbdataAdd: 0x84ee180
2003/12/01 09:10:00| cbdataLock: 0x84ee180
2003/12/01 09:10:00| cbdataLock: 0x84ee180
2003/12/01 09:10:00| commSetTimeout: FD 16 timeout 86400
2003/12/01 09:10:00| commSetTimeout: FD 19 timeout 120
2003/12/01 09:10:00| peerSelect: CONNECT
2003/12/01 09:10:00| cbdataAdd: 0x8518c70
2003/12/01 09:10:00| cbdataLock: 0x84ee180
2003/12/01 09:10:00| peerSelectFoo: 'CONNECT http.matson.stc.com'
2003/12/01 09:10:00| peerCheckNetdbDirect: MY RTT = 0 msec
2003/12/01 09:10:00| peerCheckNetdbDirect: minimum_direct_rtt = 400 msec
2003/12/01 09:10:00| peerCheckNetdbDirect: MY hops = 0
2003/12/01 09:10:00| peerCheckNetdbDirect: minimum_direct_hops = 4
2003/12/01 09:10:00| whichPeer: from 0.0.0.0 port 0
2003/12/01 09:10:00| peerSelectFoo: direct = DIRECT_MAYBE
2003/12/01 09:10:00| cbdataValid: 0x84ee180
2003/12/01 09:10:00| commConnectStart: FD 19, http.matson.stc.com:443
2003/12/01 09:10:00| cbdataAdd: 0x8518cf0
2003/12/01 09:10:00| cbdataLock: 0x84ee180
2003/12/01 09:10:00| cbdataLock: 0x8518cf0
2003/12/01 09:10:00| cbdataLock: 0x8518cf0
2003/12/01 09:10:00| cbdataAdd: 0x845c8c0
2003/12/01 09:10:00| idnsALookup: buf is 37 bytes for http.matson.stc.com,
id = 0x2
2003/12/01 09:10:00| cbdataLock: 0x845c8c0
2003/12/01 09:10:00| cbdataUnlock: 0x84ee180
2003/12/01 09:10:00| cbdataFree: 0x8518c70
2003/12/01 09:10:00| cbdataReallyFree: Freeing 0x8518c70
2003/12/01 09:10:00| cbdataFree: 0x84edb10
2003/12/01 09:10:00| cbdataFree: 0x84edb10 has 1 locks, not freeing
2003/12/01 09:10:00| cbdataUnlock: 0x84edb10
2003/12/01 09:10:00| cbdataReallyFree: Freeing 0x84edb10
2003/12/01 09:10:00| idnsRead: FD 4: received 84 bytes from 172.16.0.52.
2003/12/01 09:10:00| idnsGrokReply: ID 0x2, -3 answers
2003/12/01 09:10:00| idnsGrokReply: error 3
2003/12/01 09:10:00| cbdataValid: 0x845c8c0
2003/12/01 09:10:00| cbdataUnlock: 0x845c8c0
2003/12/01 09:10:00| cbdataFree: 0x845c8c0
2003/12/01 09:10:00| cbdataReallyFree: Freeing 0x845c8c0
2003/12/01 09:10:00| ipcacheParse: Lookup failed (error 3)
2003/12/01 09:10:00| cbdataValid: 0x8518cf0
2003/12/01 09:10:00| commConnectDnsHandle: Unknown host: http.matson.stc.com

It seems to be looking up http.matson.stc.com (matson.stc.com is my domain)
and failing because it doesn't exist!

I don't know why it is even trying to access http.matson.stc.com.

Any ideas why it might be doing this?

Chris

BTW my squid version is squid-2.4.STABLE7-4

At 01:19 01/12/2003, Henrik Nordstrom wrote:

>On Sun, 30 Nov 2003, Chris Selwyn wrote:
>
> > However, I still get 404 entries in the squid access log as follows...
> >
> > 1070223380.986 2 172.16.0.51 TCP_MISS/404 0 CONNECT
> > login.passport.com:443 - DIRECT/- -
>
>This indiated your Squid proxy could not reslove the login.passport.com
>DNS name.
>
>Are you inside a proxy firewall or using a internal DNS server not knowing
>about Internet addresses?
>
>Regards
>Henrik
>
>
>
>
>---
>Incoming mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.545 / Virus Database: 339 - Release Date: 27/11/2003

Chris Selwyn
Nr. Bath
Somerset
United Kingdom

Email: chris@selwyn-family.me.uk
WWW: http://www.selwyn-family.me.uk

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.545 / Virus Database: 339 - Release Date: 27/11/2003
Received on Mon Dec 01 2003 - 02:25:36 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:03 MST