Hi this is not an SSL site.
Here is the config (I have stripped out the ACL's)
# WELCOME TO SQUID 2# ------------------
# NETWORK OPTIONS#
-----------------------------------------------------------------------------
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM#
-----------------------------------------------------------------------------
# TAG: cache_peer cache_peer proxy1.ap.webscanningservice.com parent 3128
0000 default no-query no-digest# cache_peer proxy1.eu.webscanningservice.com
parent 3128 0000 default no-query no-digest# cache_peer
proxy1.us.webscanningservice.com parent 3128 0000 default no-query no-digest#
cache_peer proxy1.hk.webscanningservice.com parent 3128 0000 default no-query
no-digest# cache_peer proxy1.eu.webscanningservice.com parent 3128 0000 default
no-query no-digest
# disable local cache digest generationdigest_generation off
# TAG: hierarchy_stoplisthierarchy_stoplist cgi-bin ?
#define the all here as it will be used by the no_cacheacl all src
0.0.0.0/0.0.0.0# TAG: no_cachecache deny all
# OPTIONS WHICH AFFECT THE CACHE SIZE#
-----------------------------------------------------------------------------
# TAG: maximum_object_size (bytes)maximum_object_size 0 KB
# LOGFILE PATHNAMES AND CACHE DIRECTORIES#
-----------------------------------------------------------------------------
log_uses_indirect_client on
# Enable Log Rotation
logfile_rotate 7
# TAG: emulate_httpd_log on|offemulate_httpd_log on
# TAG: debug_optionsdebug_options ALL,1#debug_options ALL,9
# By default, the store and access log is disabled to avoid large size log
filescache_store_log noneaccess_log noneuseragent_log none#cache_log
c:/ClientSiteProxy/var/logs/cache.log#access_log
C:/ClientSiteProxy/var/logs/access.logcache_log
D:/SquidDefinitions/logs/cache.logaccess_log
D:/SquidDefinitions/logs/access.log#useragent_log
c:/ClientSiteProxy/var/logs/useragent.log
# IGNORE EXPECT 100 HTTP HEADER#
-----------------------------------------------------------------------------ignore_expect_100
on
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS#
-----------------------------------------------------------------------------
# TAG: auth_paramauth_param ntlm program
c:/clientsiteproxy/libexec/mswin_ntlm_auth.exeauth_param ntlm children
80auth_param ntlm keep_alive on
# auth_param negotiate program
c:/clientsiteproxy/libexec/mswin_negotiate_auth.exeauth_param negotiate
children 80
auth_param basic program c:/clientsiteproxy/libexec/ncsa_auth.exe
C:/clientsiteproxy/etc/passwd.txt auth_param basic children 5auth_param basic
realm Squid proxy-caching web serverauth_param basic credentialsttl 2
hoursauth_param basic casesensitive off
# Use this tag to specify how long the IP authentication credentials will be
cached# If multiple users connect from a single IP (ie: terminal services)
comment out the# following line and uncomment the
next.#authenticate_ip_shortcircuit_ttl 30
secondsauthenticate_ip_shortcircuit_access none
# OPTIONS FOR TUNING THE CACHE#
-----------------------------------------------------------------------------
# TAG: refresh_patternrefresh_pattern ^ftp: 1440 20% 10080refresh_pattern
^gopher: 1440 0% 1440refresh_pattern . 0 20% 4320
# TIMEOUTS#
-----------------------------------------------------------------------------
read_timeout 15 minutes
# X-Saucer#
------------------------------------------------------------------------------
# TAG: fqdn_xsaucer# Turn this on if you wish to use fully qualified domain
names instead of # user names in X-Saucer. To do this Squid does a DNS lookup
of all# IP's connecting to it. This can (in some situations) increase# latency,
which makes your cache seem slower for interactive# browsing. By default, it is
off.# The FQDN will be prepended with a backslash and converted to lower case
since# ClientNet only accepts custom user name with backslash. If log_fqdn is#
also enabled, the FQDN will be logged in access.log.# For example, an FQDN of
www.XYz.com in access.log will require specifying# a custom user "\www.xyz.com"
(no quotes) in ClientNet. ## fqdn_xsaucer off
# TAG: hash_username_xsaucer# Turn this on if you wish to apply hex
representative of hashed(SHA-1) # to domain name\user name (before encryption)
in X-Saucer instead.## hash_username_xsaucer off
# ACCESS CONTROLS#
-----------------------------------------------------------------------------
# TAG: acl# TAG: disable password on conf file#cachemgr_passwd none configacl
SSL_ports port 443 563 5443acl Safe_ports port 80 # httpacl Safe_ports port 21
# ftpacl Safe_ports port 443 563 5443 # https, snews, medicareacl Safe_ports
port 70 # gopheracl Safe_ports port 210 # waisacl Safe_ports port 1025-65535 #
unregistered portsacl Safe_ports port 280 # http-mgmtacl Safe_ports port 488 #
gss-httpacl Safe_ports port 591 # filemakeracl Safe_ports port 777 # multiling
http
acl_uses_indirect_client onacl CONNECT method CONNECTacl authproxy proxy_auth
REQUIRED# the IP list of "acl our_networks src" may potentially be long while
the maximum number of characters supported by squid is around 500.# therefore,
you should try to splite long ip list to multiple lines for readabilty and
maintenability, see the following lines as an example:# acl our_networks src
x.x.x.x/z x.x.x.x/x x.x.x.x/z ....# acl our_networks src y.y.y.y/z y.y.y.y/y
y.y.y.y/z ....acl our_networks src 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
169.254.0.0/16
# __________________________________________________________________________acl
HEAD method HEADfollow_x_forwarded_for allow f5lb_prxy# TAG: http_access
http_access allow manager localhosthttp_access deny managerhttp_access deny
!Safe_ports#
__________________________________________________________________________#http_access
allow CONNECT SSL_ports#
__________________________________________________________________________http_access
deny CONNECT !SSL_ports#Allow the header as IE does not process the Head
authenticationhttp_access allow HEADhttp_access deny !our_networkshttp_access
allow Smartconnect#
__________________________________________________________________________
# __________________________________________________________________________#
NTLM bypasses and specific domain bypass come after this comment block.#
http_access = NTLM bypass. always_direct = bypasses the MessageLabs proxy # and
sends the connection directly. The first sample below creates a bypass # named
'uniqueBypass1' which bypasses NTLM and sends the connection directly# for
sample.com. The second sample will bypass NTLM authentication for # connections
to sample.com.# Begin Sample 1:#acl uniqueBypass1 dstdomain sample.com#
http_access allow uniqueBypass1 # always_direct allow uniqueBypass1# Begin
Sample 2:#acl NTLMBypass dstdomain sample.com#http_access allow NTLMBypass
http_access allow authproxyhttp_access deny all
# TAG: icp_accessicp_access allow all
# TAG: httpd_suppress_version_string on|off# Suppress Squid version string
info in HTTP headers and HTML error pages.#httpd_suppress_version_string on
# ADMINISTRATIVE PARAMETERS#
-----------------------------------------------------------------------------
# TAG: visible_hostnamevisible_hostname ClientSiteProxy
# OPTIONS FOR THE CACHE REGISTRATION SERVICE#
-----------------------------------------------------------------------------
# HTTPD-ACCELERATOR OPTIONS#
-----------------------------------------------------------------------------
# MISCELLANEOUS#
-----------------------------------------------------------------------------
# Forwarding proxy client IP addresses in X-Forwarded-For header. # Disabled to
prevent leakage of internal network configuration details.forwarded_for truncate
# Do not reveal CSP version in "Via" HTTP headerheader_access Via deny all
# TAG: never_directnever_direct allow all
# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)#
-----------------------------------------------------------------------------
# TAG: coredump_dir# completely disable checks for cache consistency (and/or
garbage collection) and # there will be no need to initialize cache dirs which
amount to be over 2000 dir.cache_dir null c:/ClientSiteProxycoredump_dir
c:/clientsiteproxy/var/cache
http_port 80http_port 8080
On Tuesday, 1 March 2016 11:49 AM, Eliezer Croitoru <elie...@ngtech.co.il>
wrote:
Can you send me or the list your squid.conf?
Also are you using SSl-BUMP? is this a https site?
Eliezer
On 01/03/2016 00:36, Ryan Slick wrote:
> Hi Guys,
>
> So here is an issue I am having,
>
> there is a external website some of our users need to access. When
> accessing via the Squid proxy, the site throws this error on the page:
>
> iisnode encountered an error when processing the request.
> HRESULT: 0xb
> HTTP status: 500
> HTTP reason: Internal Server Error
> You are receiving this HTTP 200 response because
> system.webServer/iisnode/@devErrorsEnabled
> <mailto:system.webServer/iisnode/@devErrorsEnabled> configuration
> setting is 'true'.
>
> We configured on a pc that goes directly to the internet the page loads
> fine, when going via a bluecoat proxy on a different network it loads
> fine, When I put in a direct access rule on squid the error is still thrown.
>
> I am convinced the issue is on the external webserver, however it would
> appear squid is not playing nice with it, is there anything I can do to
> attempt to fix it? Now the users have tested on their remote devices and
> from home they are convinced the issue lies on the proxy.
>
> regards
>
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
