All geek questions in one place

Squid3 cannot access google.com or bing.com

I have a strange problem with squid3. It usually works, and I can access most websites through proxies. However, some sites, such as

google.com bing.com

just seems blocked, but not always. Restarting squid3 does not seem to help or clear the / var / spool / squid 3 (cache) directory.

If I log in to the system running squid3, and

 wget --no-proxy google.com

then there is no problem, however, if I wget through a proxy server, it never responds. Most other websites are available, including stackoverflow.com, which I am using through a proxy right now. Any idea what could be special about google.com and bing.com, so squid3 handles them differently and is there any parameter in the confid3 squid3 file that could be related to this behavior.

+6
source share
2 answers

I had the same problem. My problem is with the ipv6 connection problem. Squid3 supports ipv6 and ipv4 protocols. If your server cannot connect to ipv6 and the remote server prefers ipv6, then squid also prefers ipv6 and cannot receive data, such as access logs.

First try connecting ipv6 to ping.

 ping6 ivp6.google.com

If ping does not respond, configure squid3 to prefer ipv4.

Search in squid.conf

 TAG: dns_v4_first

After

 #Default: #dns_v4_first off

Add

 dns_v4_first on

Then restart the squid3 server

 service squid3 restart

Here is my access log before the fix.

 1352760882.854 796 88.my.ip.108 TCP_MISS/000 0 GET http://connect.facebook.net/en_US/all.js [squiduser] DIRECT/connect.facebook.net - 1352760885.717 69 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr - 1352760886.250 13 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr - 1352760887.011 369 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr - 1352760887.989 42 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr - 1352760888.984 75 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr - 1352760897.351 8165 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/search? [squiduser] DIRECT/www.google.com.tr - 1352761072.531 10970 88.my.ip.108 TCP_MISS/000 0 GET http://www.google-analytics.com/__utm.gif? [squiduser] DIRECT/www.google-analytics.com - 1352761072.533 10272 88.my.ip.108 TCP_MISS/000 0 GET http://apis.google.com/js/plusone.js [squiduser] DIRECT/apis.google.com - 1352761072.535 10262 88.my.ip.108 TCP_MISS/000 0 GET http://connect.facebook.net/en_US/all.js [squiduser] DIRECT/connect.facebook.net -

Here is my complete squid configuration. I use squid as an anonymous proxy server.

 2012/11/14 00:09:02| Processing Configuration File: /etc/squid3/squid.conf (depth 0) 2012/11/14 00:09:02| Processing: auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid.passwd 2012/11/14 00:09:02| Processing: auth_param basic children 5 2012/11/14 00:09:02| Processing: auth_param basic realm Squid proxy-caching web server 2012/11/14 00:09:02| Processing: auth_param basic credentialsttl 2 hours 2012/11/14 00:09:02| Processing: acl manager proto cache_object 2012/11/14 00:09:02| Processing: acl localhost src 127.0.0.1/32 ::1 2012/11/14 00:09:02| Processing: acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 2012/11/14 00:09:02| Processing: acl CONNECT method CONNECT 2012/11/14 00:09:02| Processing: http_access allow manager localhost 2012/11/14 00:09:02| Processing: http_access deny manager 2012/11/14 00:09:02| Processing: http_access allow localhost 2012/11/14 00:09:02| Processing: acl ncsaauth proxy_auth REQUIRED 2012/11/14 00:09:02| Processing: http_access allow ncsaauth 2012/11/14 00:09:02| Processing: http_access deny all 2012/11/14 00:09:02| Processing: http_port 8880 2012/11/14 00:09:02| Processing: coredump_dir /var/spool/squid3 2012/11/14 00:09:02| Processing: refresh_pattern ^ftp: 1440 20% 10080 2012/11/14 00:09:02| Processing: refresh_pattern ^gopher: 1440 0% 1440 2012/11/14 00:09:02| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 2012/11/14 00:09:02| Processing: refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 2012/11/14 00:09:02| Processing: refresh_pattern . 0 20% 4320 2012/11/14 00:09:02| Processing: dns_v4_first on 2012/11/14 00:09:02| Processing: forwarded_for delete 2012/11/14 00:09:02| Processing: request_header_access Allow allow all 2012/11/14 00:09:02| Processing: request_header_access Authorization allow all 2012/11/14 00:09:02| Processing: request_header_access WWW-Authenticate allow all 2012/11/14 00:09:02| Processing: request_header_access Proxy-Authorization allow all 2012/11/14 00:09:02| Processing: request_header_access Proxy-Authenticate allow all 2012/11/14 00:09:02| Processing: request_header_access Cache-Control allow all 2012/11/14 00:09:02| Processing: request_header_access Content-Encoding allow all 2012/11/14 00:09:02| Processing: request_header_access Content-Length allow all 2012/11/14 00:09:02| Processing: request_header_access Content-Type allow all 2012/11/14 00:09:02| Processing: request_header_access Date allow all 2012/11/14 00:09:02| Processing: request_header_access Expires allow all 2012/11/14 00:09:02| Processing: request_header_access Host allow all 2012/11/14 00:09:02| Processing: request_header_access If-Modified-Since allow all 2012/11/14 00:09:02| Processing: request_header_access Last-Modified allow all 2012/11/14 00:09:02| Processing: request_header_access Location allow all 2012/11/14 00:09:02| Processing: request_header_access Pragma allow all 2012/11/14 00:09:02| Processing: request_header_access Accept allow all 2012/11/14 00:09:02| Processing: request_header_access Accept-Charset allow all 2012/11/14 00:09:02| Processing: request_header_access Accept-Encoding allow all 2012/11/14 00:09:02| Processing: request_header_access Accept-Language allow all 2012/11/14 00:09:02| Processing: request_header_access Content-Language allow all 2012/11/14 00:09:02| Processing: request_header_access Mime-Version allow all 2012/11/14 00:09:02| Processing: request_header_access Retry-After allow all 2012/11/14 00:09:02| Processing: request_header_access Title allow all 2012/11/14 00:09:02| Processing: request_header_access Connection allow all 2012/11/14 00:09:02| Processing: request_header_access Proxy-Connection allow all 2012/11/14 00:09:02| Processing: request_header_access User-Agent allow all 2012/11/14 00:09:02| Processing: request_header_access Cookie allow all 2012/11/14 00:09:02| Processing: request_header_access All deny all
+27
source

Keep in mind that dns_v4_first only works in newer versions of squid3. If you started, for example, the debian6 server, you have squid3-3.1.6, which does not have this configuration switch.

For these older versions you need to edit the configuration line

 tcp_outgoing_address SERVERIP all

Where SERVERIP is the IP of your server.

+2
source

Source: https://habr.com/ru/post/926473/

More articles:


All Articles