
problem with squid proxy, help pls

Discussion in 'Proxies' started by alex7979, Sep 16, 2016.

  1. alex7979

    Hello everyone, and thanks in advance for your help. The problem is that I have a VPS with CentOS 6 with a squid server installed. It had worked very well for several months, but for several days now some pages end up not loading, or if they do, they are all misconfigured, as text only. I'm no expert, I just like to read manuals and test for myself. As I was a little desperate, I deleted squid from the VPS and re-installed it without changing anything in the configuration, only the access rules. Here is the squid log:

    1473952658.369 87040 xxx.xxx.xxx.xxx TCP_MISS/200 5537 CONNECT www.google.com:443 - DIRECT/216.58.219.100 -
    1473952658.370 83690 xxx.xxx.xxx.xxx TCP_MISS/200 26214 CONNECT www.ipoll.com:443 - DIRECT/198.232.218.239 -
    1473952658.374 88598 xxx.xxx.xxx.xxx TCP_MISS/200 6038 CONNECT www.google.com:443 - DIRECT/216.58.219.100 -
    1473952658.381 96084 xxx.xxx.xxx.xxx TCP_MISS/200 4298 CONNECT ssl.gstatic.com:443 - DIRECT/216.58.219.99 -
    1473952658.383 93244 xxx.xxx.xxx.xxx TCP_MISS/200 4298 CONNECT apis.google.com:443 - DIRECT/216.58.219.110 -
    1473952658.383 88865 xxx.xxx.xxx.xxx TCP_MISS/200 49082 CONNECT www.google.com:443 - DIRECT/216.58.219.100 -
    1473952658.386 88604 xxx.xxx.xxx.xxx TCP_MISS/200 6118 CONNECT www.google.com:443 - DIRECT/216.58.219.100 -
    1473952658.387 95008 xxx.xxx.xxx.xxx TCP_MISS/200 4298 CONNECT www.gstatic.com:443 - DIRECT/216.58.219.99 -
    1473952757.121 4833 xxx.xxx.xxx.xxx TCP_MISS/200 0 CONNECT snippets.cdn.mozilla.net:443 - DIRECT/54.192.82.95 -
    1473952769.061 151 xxx.xxx.xxx.xxx TCP_MISS/200 0 CONNECT www.google.com:443 - DIRECT/216.58.219.100 -
    1473952826.513 69865 xxx.xxx.xxx.xxx TCP_MISS/200 4421 CONNECT self-repair.mozilla.org:443 - DIRECT/52.43.52.166 -
    1473952830.340 19698 xxx.xxx.xxx.xxx TCP_MISS/200 0 CONNECT aus5.mozilla.org:443 - DIRECT/52.89.19.189 -
    1473952842.959 59556 xxx.xxx.xxx.xxx TCP_MISS/200 0 CONNECT d3ph8ohza835t6.cloudfront.net:443 - DIRECT/52.85.35.45 -
    1473952871.893 63500 xxx.xxx.xxx.xxx TCP_MISS/200 3347 CONNECT incoming.telemetry.mozilla.org:443 - DIRECT/52.89.205.95 -
    1473952875.480 121207 xxx.xxx.xxx.xxx TCP_MISS/200 57785 CONNECT safebrowsing.google.com:443 - DIRECT/173.194.212.136 -
    1473952891.398 117356 xxx.xxx.xxx.xxx TCP_MISS/200 3938 CONNECT www.google.com:443 - DIRECT/216.58.219.100 -
    1473952894.403 118096 xxx.xxx.xxx.xxx TCP_MISS/200 3906 CONNECT www.google.com:443 - DIRECT/216.58.219.100 -
    1473952894.410 125640 xxx.xxx.xxx.xxx TCP_MISS/200 91607 CONNECT www.google.com:443 - DIRECT/216.58.219.100 -
    1473952895.402 118383 xxx.xxx.xxx.xxx TCP_MISS/200 4546 CONNECT www.google.com:443 - DIRECT/216.58.219.100 -
    1473952898.431 118588 xxx.xxx.xxx.xxx TCP_MISS/200 26177 CONNECT www.ipoll.com:443 - DIRECT/198.232.218.239 -
    1473952931.813 62492 xxx.xxx.xxx.xxx TCP_MISS/200 3601 CONNECT shavar.services.mozilla.com:443 - DIRECT/54.68.114.20 -
    1473952979.413 218956 xxx.xxx.xxx.xxx TCP_MISS/200 3116121 CONNECT safebrowsing-cache.google.com:443 - DIRECT/216.58.219.110 -
    1473953668.542 901419 xxx.xxx.xxx.xxx TCP_MISS/200 0 CONNECT normandy.cdn.mozilla.net:443 - DIRECT/54.230.81.74 -



    and here is the squid conf:


    # Recommended minimum configuration:
    #
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32 ::1
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl localnet src fc00::/7 # RFC 4193 local private network range
    acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machin$

    acl SSL_ports port 443
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT

    #
    # Recommended minimum Access Permission configuration:
    #
    # Only allow cachemgr access from localhost
    http_access allow manager localhost
    http_access deny manager

    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports

    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports

    # We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on "localhost" is a local user
    #http_access deny to_localhost

    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    #

    # Example rule allowing access from your local networks.
    # Adapt localnet in the ACL section to list your (internal) IP networks
    # from where browsing should be allowed
    http_access allow localnet
    http_access allow localhost

    # And finally deny all other access to this proxy
    http_access allow all

    # Squid normally listens to port 3128
    http_port 3128

    # Uncomment and adjust the following to add a disk cache directory.
    #cache_dir ufs /var/spool/squid 100 16 256

    # Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid

    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320


    #Enter your servers IP here.
    acl ip1 myip xxx.xxx.xxx.xxx.
    tcp_outgoing_address xxx.xxx.xxx.xxx ip1




    I tested the same pages with tinyproxy and they open smoothly, so the problem is with squid.
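
Squid evaluates `http_access` lines top to bottom and stops at the first one that matches, so the final `http_access allow all` in the posted squid.conf admits any client that can reach port 3128, even though the comment above it says "deny all other access". The following is an added example, not part of the original post: a small first-match evaluator run over a constructed, condensed excerpt of the posted rules. The function names and the client address 203.0.113.50 (documentation range) are assumptions.

```python
import ipaddress

# Constructed excerpt: the ACLs and http_access rules from the posted squid.conf.
POSTED = """\
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow all
"""
# Same rules with the final line matching its own comment ("deny all other access").
HARDENED = POSTED.replace("http_access allow all", "http_access deny all")

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acls, name, req):
    if name == "all":  # built-in ACL covering every source address
        return True
    kind, values = acls[name]
    if kind == "src":
        return any(req["src"] in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        return any(int(lo) <= req["port"] <= int(hi or lo)
                   for lo, _, hi in (v.partition("-") for v in values))
    return kind == "method" and req["method"] in values

def decide(conf, src, method, port):
    """First matching http_access line wins; ACLs on one line are ANDed."""
    acls, rules = parse(conf)
    req = {"src": ipaddress.ip_address(src), "method": method, "port": port}
    for action, names in rules:
        if all(matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    last = rules[-1][0] if rules else "allow"
    return "deny" if last == "allow" else "allow"
```

With the posted rules an outside client is allowed to CONNECT to port 443; with the last line changed to `deny all`, only `localnet` sources are served.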
     
  2. mrankin

    As you can see, your CONNECT is extremely slow. My guess is that general browsing works just fine. I'm also guessing that you're running squid 2.7, which doesn't fully support SSL as it should.

    The fix is to uninstall squid and install squid3 instead. You'll need to re-write your squid.conf as they are slightly different, but as you've got a copy, just add in the acls you want.
     
    • Thanks x 1
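
In Squid's native access.log format the second field is the elapsed time in milliseconds and the fifth is the number of bytes delivered to the client; a CONNECT entry is written when the tunnel closes, so its elapsed time covers the whole lifetime of the tunnel. The following is an added example, not code from the thread: it summarises CONNECT entries per target and counts tunnels that stayed open a long time yet delivered nothing. The sample lines are constructed, and the 60-second threshold and the function names are assumptions.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log format (documentation-range addresses).
SAMPLE = """\
1473952658.369  87040 192.0.2.10 TCP_MISS/200 5537 CONNECT www.example.com:443 - DIRECT/198.51.100.7 -
1473952769.061    151 192.0.2.10 TCP_MISS/200 0 CONNECT www.example.com:443 - DIRECT/198.51.100.7 -
1473952979.413 218956 192.0.2.10 TCP_MISS/200 3116121 CONNECT cache.example.net:443 - DIRECT/198.51.100.9 -
1473953668.542 901419 192.0.2.10 TCP_MISS/200 0 CONNECT cdn.example.org:443 - DIRECT/198.51.100.12 -
1473953670.100     40 192.0.2.10 TCP_MISS/200 812 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html
"""

def parse_line(line):
    f = line.split()
    if len(f) < 10:
        return None  # truncated or wrapped line
    code, _, status = f[3].partition("/")
    return {"ts": float(f[0]), "elapsed_ms": int(f[1]), "client": f[2], "code": code,
            "status": int(status), "bytes": int(f[4]), "method": f[5], "target": f[6]}

def connect_summary(log_text, stalled_ms=60000):
    """Per CONNECT target: tunnel count, bytes, longest lifetime, and tunnels
    that stayed open at least stalled_ms yet delivered 0 bytes to the client."""
    stats = defaultdict(lambda: {"tunnels": 0, "bytes": 0, "max_ms": 0, "stalled": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "CONNECT":
            continue
        s = stats[rec["target"]]
        s["tunnels"] += 1
        s["bytes"] += rec["bytes"]
        s["max_ms"] = max(s["max_ms"], rec["elapsed_ms"])
        if rec["bytes"] == 0 and rec["elapsed_ms"] >= stalled_ms:
            s["stalled"] += 1
    return dict(stats)
```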
  3. alex7979

    I'll try to install squid 3, but not like when I installed squid: I just put the following command, "yum install squid", and I thought the latest version was installed. I'll look on Google for how to do it and tell you how it turned out. Thank you very much for your answer.
     
  4. alex7979

    Thanks, the problem is solved. I reinstalled squid and that's all.