I've a strange problem with squid3. It is normally working and I can access most web sites through the proxy. However some sites like
google.com
bing.com
just seem to get blocked but not always. Restarting squid3 doesn't seem to help or either clearing the /var/spool/squid3 ( cache ) directory.
If I login to the machine that squid3 is running on and
wget --no-proxy google.com
then there is no problem however if I wget through the proxy it never responds. Most other websites are accessible including stackoverflow.com which I am using through the proxy right at this moment. Any idea what might be special about google.com and bing.com so that squid3 is treating them differently and is there any setting in the squid3 conf file that might be related to such behaviour.
I had too same problem. My problem caused by ipv6 connectivity issue. Squid3 support both ipv6 and ipv4 protocols. If your server can't connect ipv6 and remote server prefers ipv6 then squid too prefer ipv6 and can not retrieve data like access logs.
First try ipv6 connectivity with ping.
ping6 ivp6.google.com
If ping does not respond, lets configure squid3 for prefer ipv4 first.
Search in squid.conf
TAG: dns_v4_first
After
#Default:
#dns_v4_first off
Add
dns_v4_first on
Then restart squid3 server
service squid3 restart
Here is my access log before fix.
1352760882.854 796 88.my.ip.108 TCP_MISS/000 0 GET http://connect.facebook.net/en_US/all.js [squiduser] DIRECT/connect.facebook.net -
1352760885.717 69 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr -
1352760886.250 13 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr -
1352760887.011 369 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr -
1352760887.989 42 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr -
1352760888.984 75 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/complete/search? [squiduser] DIRECT/www.google.com.tr -
1352760897.351 8165 88.my.ip.108 TCP_MISS/000 0 GET http://www.google.com.tr/search? [squiduser] DIRECT/www.google.com.tr -
1352761072.531 10970 88.my.ip.108 TCP_MISS/000 0 GET http://www.google-analytics.com/__utm.gif? [squiduser] DIRECT/www.google-analytics.com -
1352761072.533 10272 88.my.ip.108 TCP_MISS/000 0 GET http://apis.google.com/js/plusone.js [squiduser] DIRECT/apis.google.com -
1352761072.535 10262 88.my.ip.108 TCP_MISS/000 0 GET http://connect.facebook.net/en_US/all.js [squiduser] DIRECT/connect.facebook.net -
Here is my full squid configuration. I use squid as anonymous proxy server.
2012/11/14 00:09:02| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2012/11/14 00:09:02| Processing: auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid.passwd
2012/11/14 00:09:02| Processing: auth_param basic children 5
2012/11/14 00:09:02| Processing: auth_param basic realm Squid proxy-caching web server
2012/11/14 00:09:02| Processing: auth_param basic credentialsttl 2 hours
2012/11/14 00:09:02| Processing: acl manager proto cache_object
2012/11/14 00:09:02| Processing: acl localhost src 127.0.0.1/32 ::1
2012/11/14 00:09:02| Processing: acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
2012/11/14 00:09:02| Processing: acl CONNECT method CONNECT
2012/11/14 00:09:02| Processing: http_access allow manager localhost
2012/11/14 00:09:02| Processing: http_access deny manager
2012/11/14 00:09:02| Processing: http_access allow localhost
2012/11/14 00:09:02| Processing: acl ncsaauth proxy_auth REQUIRED
2012/11/14 00:09:02| Processing: http_access allow ncsaauth
2012/11/14 00:09:02| Processing: http_access deny all
2012/11/14 00:09:02| Processing: http_port 8880
2012/11/14 00:09:02| Processing: coredump_dir /var/spool/squid3
2012/11/14 00:09:02| Processing: refresh_pattern ^ftp: 1440 20% 10080
2012/11/14 00:09:02| Processing: refresh_pattern ^gopher: 1440 0% 1440
2012/11/14 00:09:02| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2012/11/14 00:09:02| Processing: refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
2012/11/14 00:09:02| Processing: refresh_pattern . 0 20% 4320
2012/11/14 00:09:02| Processing: dns_v4_first on
2012/11/14 00:09:02| Processing: forwarded_for delete
2012/11/14 00:09:02| Processing: request_header_access Allow allow all
2012/11/14 00:09:02| Processing: request_header_access Authorization allow all
2012/11/14 00:09:02| Processing: request_header_access WWW-Authenticate allow all
2012/11/14 00:09:02| Processing: request_header_access Proxy-Authorization allow all
2012/11/14 00:09:02| Processing: request_header_access Proxy-Authenticate allow all
2012/11/14 00:09:02| Processing: request_header_access Cache-Control allow all
2012/11/14 00:09:02| Processing: request_header_access Content-Encoding allow all
2012/11/14 00:09:02| Processing: request_header_access Content-Length allow all
2012/11/14 00:09:02| Processing: request_header_access Content-Type allow all
2012/11/14 00:09:02| Processing: request_header_access Date allow all
2012/11/14 00:09:02| Processing: request_header_access Expires allow all
2012/11/14 00:09:02| Processing: request_header_access Host allow all
2012/11/14 00:09:02| Processing: request_header_access If-Modified-Since allow all
2012/11/14 00:09:02| Processing: request_header_access Last-Modified allow all
2012/11/14 00:09:02| Processing: request_header_access Location allow all
2012/11/14 00:09:02| Processing: request_header_access Pragma allow all
2012/11/14 00:09:02| Processing: request_header_access Accept allow all
2012/11/14 00:09:02| Processing: request_header_access Accept-Charset allow all
2012/11/14 00:09:02| Processing: request_header_access Accept-Encoding allow all
2012/11/14 00:09:02| Processing: request_header_access Accept-Language allow all
2012/11/14 00:09:02| Processing: request_header_access Content-Language allow all
2012/11/14 00:09:02| Processing: request_header_access Mime-Version allow all
2012/11/14 00:09:02| Processing: request_header_access Retry-After allow all
2012/11/14 00:09:02| Processing: request_header_access Title allow all
2012/11/14 00:09:02| Processing: request_header_access Connection allow all
2012/11/14 00:09:02| Processing: request_header_access Proxy-Connection allow all
2012/11/14 00:09:02| Processing: request_header_access User-Agent allow all
2012/11/14 00:09:02| Processing: request_header_access Cookie allow all
2012/11/14 00:09:02| Processing: request_header_access All deny all
Bear in mind that dns_v4_first on only works in newer squid3 versions. If you run for example a debian6 server, you have squid3-3.1.6 which does not have this config switch.
For those older versions you have to edit the config line
tcp_outgoing_address SERVERIP all
Where SERVERIP is the IP of your server.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With