Yet another non-porn site: reddit.com
Let's check.
root @ cthulhu / # dig reddit.com
; <<>> DiG 9.6-ESV-R11-P6 <<>> reddit.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21722
;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;reddit.com. IN A
;; ANSWER SECTION:
reddit.com. 86398 IN A 198.41.209.143
reddit.com. 86398 IN A 198.41.208.138
reddit.com. 86398 IN A 198.41.209.136
reddit.com. 86398 IN A 198.41.209.139
reddit.com. 86398 IN A 198.41.208.141
reddit.com. 86398 IN A 198.41.208.137
reddit.com. 86398 IN A 198.41.208.139
reddit.com. 86398 IN A 198.41.208.143
reddit.com. 86398 IN A 198.41.208.140
reddit.com. 86398 IN A 198.41.209.137
reddit.com. 86398 IN A 198.41.209.138
reddit.com. 86398 IN A 198.41.209.140
reddit.com. 86398 IN A 198.41.209.141
reddit.com. 86398 IN A 198.41.208.142
reddit.com. 86398 IN A 198.41.209.142
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jun 27 20:32:22 ALMT 2016
;; MSG SIZE rcvd: 268
root @ cthulhu / # ping reddit.com
reddit.com is alive
Seems all ok, right?
Well, le'ts check TCP connectivity:
Test with telnet:
root @ cthulhu / # telnet reddit.com 443
Trying 198.41.208.142...
Connected to reddit.com.
Escape character is '^]'.
^C^]
telnet>
I.e., tcp socket opens.
root @ cthulhu / # wget -S http://reddit.com
--2016-06-27 20:33:13-- http://reddit.com/
Connecting to 127.0.0.1:3128... connected.
Proxy request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Date: Mon, 27 Jun 2016 14:33:13 GMT
Set-Cookie: __cfduid=d486371096ba68bc7f5ba663e5d723bf21467037993;
expires=Tue, 27-Jun-17 14:33:13 GMT; path=/; domain=.reddit.com; HttpOnly
Location: https://www.reddit.com/
X-Content-Type-Options: nosniff
Server: cloudflare-nginx
CF-RAY: 2b999ce3a5854f08-DME
Via: ICAP/1.0 cthulhu (C-ICAP/0.4.3 SquidClamav/Antivirus service )
X-Cache: MISS from cthulhu
X-Cache-Lookup: MISS from cthulhu:3128
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.reddit.com/ [following]
--2016-06-27 20:33:13-- https://www.reddit.com/
Connecting to 127.0.0.1:3128... connected.
.... and long-long time waiting for unknown.......
Browser says: ERR_TIMED_OUT
How to explain this?
27.06.2016 20:32, Amos Jeffries пишет:
[ Please reply to the mailing list I dont do private support except for
paying customers. And you have not arranged for that in advance. ]
On 28/06/2016 2:06 a.m., Adam Wright wrote:
- Ok, ISP will see my http traffic, but will the ISP see which websites I'm
surfing?
If anyone can see HTTP traffic they can see what the traffic is about.
- Browser is using the proxy. But access.log only shows the websites which
the browser connected successfully. For example I see cisco.com which I
entered minutes ago for Yuri.
1467035091.072 15004 85.107.208.29 TCP_MISS/200 246 CONNECT
supportforums.cisco.com:443 yeni DIRECT/141.101.115.192
The proxy log records every transaction through the proxy, at the time
that transaction completed. Whether it succeeded or not. Anything that
get started is prone to being logged.
In the case above it was a CONNECT tunnel transferring some TLS wrapped
protocol - probably HTTPS, SPDY or WebSockets on port 443. It took
15.004 seconds to do whatever took 246 bytes to transfer.
So nothing in the log indicates either the browser is *not* using the
proxy for those transactions, or they are still ongoing as far as Squid
is concerned.
It could be a case of browser using SPDY, QUICK or WebSockets protocols
instead of HTTP inside a TLS tunnel, or directly without the proxy.
Particularly if Chrome is involved.
The case of ongoing connections is unfortunate. You can tune Squid
timeouts somewhat to make the proxy more sensitive and do its failover
to working destinations faster. But otherwise its a browser specific
problem that can only be fixed by the browser.
It might be that whatever was happening inside that tunnel above got
stuck and timed out. To Squid the tunnel is opaque, so any type of error
in there is strictly between the browser and server.
The tiny size on that log entry makes me suspect its TLS handshake
hanging and a 15sec timeout somewhere closes it down. If so the issue is
not Squid, its whatever in the server or browser is causing the TLS to hang.
- Right now I'm using maxthon, it also says "Error code 101
(net::ERR_CONNECTION_RESET)" while I try to connect to those xxx websites.
That seems to mean the proxy is closing the connection. But that would
mean the proxy is aware of it ending and record in the log what
transaction finished with aborting the connection.
If there no log record, thats a very strong sign that the browser is not
using the proxy for that request.
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
