You can use the following acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/reg.url.nobump" acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump"
I created a regex based no bump file and or use a dns based no bump file to mark splice only sites. Example of what is in reg.url.nobump file ^((alt[0-9]-mtalk\.)|(mtalk\.)|(mtalk-(staging|dev)\.))google\.com ^((gvt)([0-9]))\.com ^(((clients)[0-9])|accounts)\.google\.(com|us) ^(pki|(crl|ocsp)\.pki)\.google\.com (outlook\.)(office365|office)\.com infinity-c[0-9][0-9]\.youboranqs[0-9][0-9]\.com hulu\.com nflxvideo\.net Or example of what could be in dns.nobump .play.google.com .android.com .google-analytics.com .googleusercontent.com .ggpht.com .dl.google.com .dl-ssl.google.com .android.clients.google.com .omahaproxy.appspot.com .payments.google.com .googleapis.com .notifications.google.com .ogs.google.com .googleapis.com Make sure you follow the enterprise policy for Google Android based products. Some sites simply can not and or should not be bumped and you only should look at the get header. ________________________________ From: A. Pechenin <alexm...@gmail.com> Sent: Saturday, December 21, 2024 11:46 To: Jonathan Lee <jonathanlee...@gmail.com> Cc: squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org> Subject: Re: [squid-users] SQUID problem with unavailability of Google services I apologize for the formatting of the text of the letter? I will be incorrect if I do not say that there are entries in the cache.log, although the IP does not resolve directly to google subdomains, but according to whois, this is the Google LLC farm. 2024/12/21 21:54:57 kid1| conn43356657 local=MYREALIP:53130 remote=142.250.186.142:443<http://142.250.186.142:443> HIER_DIRECT FD 121 flags=1: read/write failure: (60) Operation timed out current master transaction: master13542083 2024/12/21 21:58:29 kid1| conn43398624 local=MYREALIP:58390 remote=142.250.185.238:443<http://142.250.185.238:443> HIER_DIRECT FD 96 flags=1: read/write failure: (60) Operation timed out current master transaction: master13553287 2024/12/21 21:58:30 kid1| conn43398801 local=MYREALIP:58419 remote=172.217.16.206:443<http://172.217.16.206:443> HIER_DIRECT FD 898 flags=1: read/write failure: (60) Operation timed out сб, 21 дек. 2024 г. в 20:43, Jonathan Lee <jonathanlee...@gmail.com<mailto:jonathanlee...@gmail.com>>: Have you created a splice only file with lists of items that must be spliced at all times, Google mail ethically should be spliced just as an example. Some know sites must be spliced. Sent from my iPhone > On Dec 21, 2024, at 09:32, A. Pechenin > <alexm...@gmail.com<mailto:alexm...@gmail.com>> wrote: > > > This week, when connecting users through a proxy server, some Google services > became inaccessible, such as Calendar, Translator, user profile. > > When clicking on the services section in the browser on the Google portal, > the page does not open and then a connection error is displayed. When > directly going to the calendar section, the connection also hangs for a long > time without loading the page. At the same time, the Google home page, mail, > search work. > > Transparent proxying is not used. > Viewing the proxy server logs did not add any understanding, all requests are > processed correctly and no errors or prohibitions are observed. There are no > other problems with the unavailability of any sites. > > When connecting directly (bypassing the proxy server), all Google services > work completely correctly. > The platform on which the problem was suddenly discovered: > FreeBSD 13.2-RELEASE-p9 > Squid 6.6 > > A new separate server was deployed for objectivity and finding the cause, but > the problem was also reproduced there, its platform. > FreeBSD 13.4-RELEASE-p2 > Squid 6.10 > > I tried using the default configuration file (recommended minimum > configuration) to eliminate the problem in my working squid.conf, but the > problem remained > > I repeat, the problem reproduced suddenly, no changes were made to the proxy > server configuration on our side, no problems with Google have arisen for > many years. What should I pay attention to in the Squid configuration? Any > idea > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org<mailto:squid-users@lists.squid-cache.org> > https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
