Hi, I have a proxy server with Squid 2.7 installed, and I have a problem
with a specific page:
www.correo-gto.com.mx
A client cannot access this page via the proxy (Squid 2.7).
When accessing different pages I do not have this problem; the
navigation via proxy works fine.
I have attached the config file for Squid.
I have the following logs:
(1)
log in /var/log/squid/access.log:
---------------------------------
1354318142.058 381547 10.0.12.51 TCP_MISS/502 1634 GET
http://www.correo-gto.com.mx/ - DIRECT/184.154.122.58 text/html
1354318175.552 378090 10.0.12.51 TCP_MISS/502 1634 GET
http://www.correo-gto.com.mx/ - DIRECT/184.154.122.58 text/html
1354318206.135 378088 10.0.12.51 TCP_MISS/502 1634 GET
http://www.correo-gto.com.mx/ - DIRECT/184.154.122.58 text/html
(2)
Error in Firefox when accessing www.correo-gto.com.mx
-----------------
ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL:
http://www.correo-gto.com.mx/
Read Error
The system returned: (104) Connection reset by peer
An error condition occurred while reading data from the network.
Please retry your request.
Your cache administrator is webmaster.
Generated Fri, 31 Aug 2012 21:36:31 GMT by webproxy (squid/2.7.STABLE7)
(3.a)
Testing nslookup from the proxy server:
--------------------------------
# nslookup correo-gto.com.mx
Server: 10.0.0.2
Address: 10.0.0.2#53
Non-authoritative answer:
Name: correo-gto.com.mx
Address: 184.154.122.58
(4.a)
Making a tracepath to correo-gto.com.mx from proxy server
---------------------------------
# tracepath correo-gto.com.mx
1: web.congresogto.gob.mx (10.0.0.8) 0.200ms pmtu 1500
1: 10.0.0.253 (10.0.0.253) 0.230ms
1: 10.0.0.253 (10.0.0.253) 0.183ms
2: no reply
3: no reply
4: no reply
...
30: no reply
31: no reply
I have posted the problem here, but I have not had a contribution:
http://www.linuxquestions.org/questions/showthread.php?p=4771659#post4771659
I would appreciate it a lot if you can help me with this. I have been
looking for a solution, but I have not succeeded.
On the other hand, I have configured a new test proxy with Squid 3.1,
and it works fine; I can reach the page correo-gto.com.mx without any
problem.
Thanks and have a great day.
squid.conf file, here are the changes that I have made:
diff -purN squid.conf.orig squid.conf
--- squid.conf.orig 2012-03-22 09:30:54.732721143 -0600
+++ squid.conf 2012-12-05 13:02:57.745042191 -0600
@@ -608,7 +608,7 @@ acl to_localhost dst 127.0.0.0/8 0.0.0.0
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
-acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
+acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
@@ -626,9 +626,16 @@ acl Safe_ports port 777 # multiling htt
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
+acl Safe_ports port 3201 # SAP
+acl Safe_ports port 82 # isseg
+
acl purge method PURGE
acl CONNECT method CONNECT
+# Lista de pAginas denegadas
+acl pages_deny url_regex "/etc/squid/pagesDeny.acl"
+acl pages_acces url_regex "/etc/squid/pagesAcces.acl"
+
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
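Review bot: `acl Safe_ports port 3201 # SAP` and `acl Safe_ports port 82 # isseg` widen the destination ports that pass `http_access deny !Safe_ports` for every client, and the comments name an application but not the servers involved. If these ports are needed only for specific internal hosts, combine the port with a dst or dstdomain ACL for those hosts rather than extending Safe_ports globally. The two `url_regex` ACLs are matched against the whole URL, so the patterns in pagesDeny.acl and pagesAcces.acl should be anchored, or replaced by dstdomain entries if they are meant to name sites.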
@@ -662,6 +669,11 @@ http_access deny purge
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
+
+# Deny pages request
+#http_access deny pages_deny
+#http_access allow pages_acces
+
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
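Review bot: the two added `http_access` lines are commented out, so the `pages_deny` and `pages_acces` ACLs defined earlier in this patch are never evaluated. If they are enabled at this position, `http_access allow pages_acces` sits above the localnet and localhost rules and carries no source condition, so a matching URL would be allowed for any client address that can reach the port. Write it as `http_access allow localnet pages_acces`, or remove the unused lines together with their ACLs.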
@@ -673,7 +685,7 @@ http_access deny CONNECT !SSL_ports
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
-#http_access allow localnet
+http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
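Review bot: uncommenting `http_access allow localnet` grants proxy access to every range in the localnet ACL, and the first hunk narrowed only the 192.168 entry while leaving `10.0.0.0/8` and `172.16.0.0/12` in place. If the site uses only part of those ranges (the client in access.log is 10.0.12.51), list the actual subnets so the allow rule matches what is deployed.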
@@ -715,8 +727,8 @@ http_access deny all
# icp_access deny all
#
#Allow ICP queries from local networks only
-icp_access allow localnet
-icp_access deny all
+##icp_access allow localnet
+##icp_access deny all
# TAG: htcp_access
# Allowing or Denying access to the HTCP port based on defined
@@ -1111,7 +1123,7 @@ icp_access deny all
# visible on the internal address.
#
# Squid normally listens to port 3128
-http_port 3128
+http_port 3128 transparent
# TAG: https_port
# Note: This option is only available if Squid is rebuilt with the
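Review bot: `transparent` is added to the only `http_port` line in this patch, so port 3128 now serves intercepted traffic and any browsers configured to use the proxy explicitly on the same listener. Keeping `http_port 3128` for configured clients and adding a second `http_port` with `transparent` for the redirect rule would separate the two modes and make it clear which path the failing client takes. A comment stating why interception is needed is also missing.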
@@ -1748,7 +1760,7 @@ hierarchy_stoplist cgi-bin ?
# objects.
#
#Default:
-# cache_mem 8 MB
+cache_mem 1024 MB
# TAG: maximum_object_size_in_memory (bytes)
# Objects greater than this size will not be attempted to kept in
@@ -1757,7 +1769,7 @@ hierarchy_stoplist cgi-bin ?
# enough to keep larger objects from hoarding cache_mem.
#
#Default:
-# maximum_object_size_in_memory 8 KB
+maximum_object_size_in_memory 512 KB
# TAG: memory_replacement_policy
# The memory replacement policy parameter determines which
@@ -1955,7 +1967,7 @@ hierarchy_stoplist cgi-bin ?
# (hard coded at 1 MB).
#
#Default:
-# cache_dir ufs /var/spool/squid 100 16 256
+cache_dir ufs /var/spool/squid 6144 14 256
# TAG: store_dir_select_algorithm
# Set this to 'round-robin' as an alternative.
@@ -1998,7 +2010,7 @@ hierarchy_stoplist cgi-bin ?
# proper proxy for APT.
#
#Default:
-# maximum_object_size 20480 KB
+maximum_object_size 10240 MB
# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
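Review bot: `maximum_object_size 10240 MB` is larger than the entire cache configured in the previous hunk (`cache_dir ufs /var/spool/squid 6144 14 256`, that is 6144 MB), so objects near the limit cannot fit in the cache at all and a single large download could push out most of what is stored. Choose a value well below the cache_dir size, or add a comment saying why objects of that size are expected.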
@@ -2015,8 +2027,8 @@ hierarchy_stoplist cgi-bin ?
# numbers closer together.
#
#Default:
-# cache_swap_low 90
-# cache_swap_high 95
+cache_swap_low 90
+cache_swap_high 95
# TAG: update_headers on|off
# By default Squid updates stored HTTP headers when receiving
@@ -2816,6 +2828,7 @@ refresh_pattern . 0 20% 4320
#
#Default:
# negative_ttl 5 minutes
+negative_ttl 0 seconds
# TAG: positive_dns_ttl time-units
# Upper limit on how long Squid will cache positive DNS responses.
@@ -2892,6 +2905,7 @@ refresh_pattern . 0 20% 4320
#
#Default:
# request_header_max_size 20 KB
+request_header_max_size 64 KB
# TAG: reply_header_max_size (KB)
# This specifies the maximum size for HTTP headers in a reply.
@@ -2902,6 +2916,7 @@ refresh_pattern . 0 20% 4320
#
#Default:
# reply_header_max_size 20 KB
+reply_header_max_size 64 KB
# TAG: request_body_max_size (KB)
# This specifies the maximum size for an HTTP request body.
@@ -3307,6 +3322,7 @@ extension_methods REPORT MERGE MKACTIVIT
#
#Default:
# half_closed_clients on
+half_closed_clients off
# TAG: pconn_timeout
# Timeout for idle persistent connections to servers and other
@@ -3344,8 +3360,7 @@ extension_methods REPORT MERGE MKACTIVIT
# mail if the cache dies. The default is "webmaster".
#
#Default:
-# cache_mgr webmaster
-
+cache_mgr dti_at_congresogto.gob.mx
# TAG: mail_from
# From: email-address for mail sent when the cache dies.
# The default is to use 'appname_at_unique_hostname'.
@@ -3498,7 +3513,7 @@ extension_methods REPORT MERGE MKACTIVIT
#
#Default:
# httpd_accel_no_pmtu_disc off
-
+httpd_accel_no_pmtu_disc on
# DELAY POOL PARAMETERS
# -----------------------------------------------------------------------------
@@ -3815,6 +3830,7 @@ extension_methods REPORT MERGE MKACTIVIT
#
#Default:
# persistent_connection_after_error off
+persistent_connection_after_error on
# TAG: detect_broken_pconn
# Some servers have been found to incorrectly signal the use
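Review bot: `persistent_connection_after_error on` reverses the default shown on the line above it, with no comment giving the reason. The problem reported in this message is a read error from the origin server (`(104) Connection reset by peer`), so it is worth retesting with the default `off` and, if the setting stays on, recording in the config why it was changed.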
@@ -3940,6 +3956,7 @@ extension_methods REPORT MERGE MKACTIVIT
#
#Default:
# icp_port 3130
+icp_port 0
# TAG: htcp_port
# The port number where Squid sends and receives HTCP queries to
@@ -4236,6 +4253,7 @@ extension_methods REPORT MERGE MKACTIVIT
#
#Default:
# error_directory /usr/share/squid/errors/en
+error_directory /usr/share/squid/errors/es-mx
# TAG: error_map
# Map errors to custom messages
@@ -4511,6 +4529,7 @@ extension_methods REPORT MERGE MKACTIVIT
#
#Default:
# check_hostnames on
+check_hostnames off
# TAG: allow_underscore
# Underscore characters is not strictly allowed in Internet hostnames
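Review bot: `check_hostnames off` disables hostname validation for all requests, and no comment says which site required it. The `allow_underscore` tag that follows in the context covers the common case of underscores in hostnames more narrowly; prefer leaving `check_hostnames on` and relaxing only that, or document the hostnames that made the change necessary.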
@@ -4888,6 +4907,7 @@ coredump_dir /var/spool/squid
#
#Default:
# balance_on_multiple_ip on
+balance_on_multiple_ip off
# TAG: pipeline_prefetch
# To boost the performance of pipelined requests to closer
-- Diego
Received on Wed Dec 05 2012 - 21:23:59 MST