Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

squid3 can't access google.com or bing.com [closed]

Tags:

squid

I've a strange problem with squid3. It is normally working and I can access most web sites through the proxy. However some sites like

google.com
bing.com 

just seem to get blocked but not always. Restarting squid3 doesn't seem to help or either clearing the /var/spool/squid3 ( cache ) directory.

If I login to the machine that squid3 is running on and

wget --no-proxy google.com

then there is no problem however if I wget through the proxy it never responds. Most other websites are accessible including stackoverflow.com which I am using through the proxy right at this moment. Any idea what might be special about google.com and bing.com so that squid3 is treating them differently and is there any setting in the squid3 conf file that might be related to such behaviour.

like image 457
bradgonesurfing Avatar asked Sep 28 '12 05:09

bradgonesurfing


2 Answers

I had too same problem. My problem caused by ipv6 connectivity issue. Squid3 support both ipv6 and ipv4 protocols. If your server can't connect ipv6 and remote server prefers ipv6 then squid too prefer ipv6 and can not retrieve data like access logs.

First try ipv6 connectivity with ping.

ping6 ivp6.google.com

If ping does not respond, lets configure squid3 for prefer ipv4 first.

Search in squid.conf

TAG: dns_v4_first

After

#Default:
#dns_v4_first off

Add

dns_v4_first on

Then restart squid3 server

service squid3 restart

Here is my access log before fix.

1352760882.854    796 88.my.ip.108 TCP_MISS/000 0 GET http://connect.facebook.net/en_US/all.js [squiduser] DIRECT/connect.facebook.net -
1352760885.717     69 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr -
1352760886.250     13 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr -
1352760887.011    369 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr -
1352760887.989     42 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr -
1352760888.984     75 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr -
1352760897.351   8165 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/search? [squiduser] DIRECT/www.google.com.tr -
1352761072.531  10970 88.my.ip.108 TCP_MISS/000 0 GET http://www.google-analytics.com/__utm.gif? [squiduser] DIRECT/www.google-analytics.com -
1352761072.533  10272 88.my.ip.108 TCP_MISS/000 0 GET http://apis.google.com/js/plusone.js [squiduser] DIRECT/apis.google.com -
1352761072.535  10262 88.my.ip.108 TCP_MISS/000 0 GET http://connect.facebook.net/en_US/all.js [squiduser] DIRECT/connect.facebook.net -

Here is my full squid configuration. I use squid as anonymous proxy server.

2012/11/14 00:09:02| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2012/11/14 00:09:02| Processing: auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid.passwd
2012/11/14 00:09:02| Processing: auth_param basic children 5
2012/11/14 00:09:02| Processing: auth_param basic realm Squid proxy-caching web server
2012/11/14 00:09:02| Processing: auth_param basic credentialsttl 2 hours
2012/11/14 00:09:02| Processing: acl manager proto cache_object
2012/11/14 00:09:02| Processing: acl localhost src 127.0.0.1/32 ::1
2012/11/14 00:09:02| Processing: acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
2012/11/14 00:09:02| Processing: acl CONNECT method CONNECT
2012/11/14 00:09:02| Processing: http_access allow manager localhost
2012/11/14 00:09:02| Processing: http_access deny manager
2012/11/14 00:09:02| Processing: http_access allow localhost
2012/11/14 00:09:02| Processing: acl ncsaauth proxy_auth REQUIRED
2012/11/14 00:09:02| Processing: http_access allow ncsaauth
2012/11/14 00:09:02| Processing: http_access deny all
2012/11/14 00:09:02| Processing: http_port 8880
2012/11/14 00:09:02| Processing: coredump_dir /var/spool/squid3
2012/11/14 00:09:02| Processing: refresh_pattern ^ftp:      1440    20% 10080
2012/11/14 00:09:02| Processing: refresh_pattern ^gopher:   1440    0%  1440
2012/11/14 00:09:02| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%  0
2012/11/14 00:09:02| Processing: refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
2012/11/14 00:09:02| Processing: refresh_pattern .      0   20% 4320
2012/11/14 00:09:02| Processing: dns_v4_first on
2012/11/14 00:09:02| Processing: forwarded_for delete
2012/11/14 00:09:02| Processing: request_header_access Allow allow all 
2012/11/14 00:09:02| Processing: request_header_access Authorization allow all 
2012/11/14 00:09:02| Processing: request_header_access WWW-Authenticate allow all 
2012/11/14 00:09:02| Processing: request_header_access Proxy-Authorization allow all 
2012/11/14 00:09:02| Processing: request_header_access Proxy-Authenticate allow all 
2012/11/14 00:09:02| Processing: request_header_access Cache-Control allow all 
2012/11/14 00:09:02| Processing: request_header_access Content-Encoding allow all 
2012/11/14 00:09:02| Processing: request_header_access Content-Length allow all 
2012/11/14 00:09:02| Processing: request_header_access Content-Type allow all 
2012/11/14 00:09:02| Processing: request_header_access Date allow all 
2012/11/14 00:09:02| Processing: request_header_access Expires allow all 
2012/11/14 00:09:02| Processing: request_header_access Host allow all 
2012/11/14 00:09:02| Processing: request_header_access If-Modified-Since allow all 
2012/11/14 00:09:02| Processing: request_header_access Last-Modified allow all 
2012/11/14 00:09:02| Processing: request_header_access Location allow all 
2012/11/14 00:09:02| Processing: request_header_access Pragma allow all 
2012/11/14 00:09:02| Processing: request_header_access Accept allow all 
2012/11/14 00:09:02| Processing: request_header_access Accept-Charset allow all 
2012/11/14 00:09:02| Processing: request_header_access Accept-Encoding allow all 
2012/11/14 00:09:02| Processing: request_header_access Accept-Language allow all 
2012/11/14 00:09:02| Processing: request_header_access Content-Language allow all 
2012/11/14 00:09:02| Processing: request_header_access Mime-Version allow all 
2012/11/14 00:09:02| Processing: request_header_access Retry-After allow all 
2012/11/14 00:09:02| Processing: request_header_access Title allow all 
2012/11/14 00:09:02| Processing: request_header_access Connection allow all 
2012/11/14 00:09:02| Processing: request_header_access Proxy-Connection allow all 
2012/11/14 00:09:02| Processing: request_header_access User-Agent allow all 
2012/11/14 00:09:02| Processing: request_header_access Cookie allow all 
2012/11/14 00:09:02| Processing: request_header_access All deny all 
like image 76
ugurerkan Avatar answered Oct 03 '22 10:10

ugurerkan


Bear in mind that dns_v4_first on only works in newer squid3 versions. If you run for example a debian6 server, you have squid3-3.1.6 which does not have this config switch.

For those older versions you have to edit the config line

tcp_outgoing_address SERVERIP all

Where SERVERIP is the IP of your server.

like image 27
user136036 Avatar answered Oct 03 '22 09:10

user136036