OK, but how can ACL data be applied in practice to solve the problem I described?
сб, 21 дек. 2024 г. в 22:57, Jonathan Lee <jonathanlee...@gmail.com>: > You can use the following > > acl NoSSLIntercept ssl::server_name_regex -i > "/usr/local/pkg/reg.url.nobump" > acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump" > > I created a regex based no bump file and or use a dns based no bump file > to mark splice only sites. > > Example of what is in reg.url.nobump file > > ^((alt[0-9]-mtalk\.)|(mtalk\.)|(mtalk-(staging|dev)\.))google\.com > ^((gvt)([0-9]))\.com > ^(((clients)[0-9])|accounts)\.google\.(com|us) > ^(pki|(crl|ocsp)\.pki)\.google\.com > (outlook\.)(office365|office)\.com > infinity-c[0-9][0-9]\.youboranqs[0-9][0-9]\.com > hulu\.com > nflxvideo\.net > > > Or example of what could be in dns.nobump > .play.google.com > .android.com > .google-analytics.com > .googleusercontent.com > .ggpht.com > .dl.google.com > .dl-ssl.google.com > .android.clients.google.com > .omahaproxy.appspot.com > .payments.google.com > .googleapis.com > .notifications.google.com > .ogs.google.com > .googleapis.com > > Make sure you follow the enterprise policy for Google Android based > products. > > Some sites simply can not and or should not be bumped and you only should > look at the get header. > > ------------------------------ > *From:* A. Pechenin <alexm...@gmail.com> > *Sent:* Saturday, December 21, 2024 11:46 > *To:* Jonathan Lee <jonathanlee...@gmail.com> > *Cc:* squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org > > > *Subject:* Re: [squid-users] SQUID problem with unavailability of Google > services > > I apologize for the formatting of the text of the letter? > > I will be incorrect if I do not say that there are entries in the > cache.log, although the IP does not resolve directly to google subdomains, > but according to whois, this is the Google LLC farm. > > 2024/12/21 21:54:57 kid1| conn43356657 local=MYREALIP:53130 remote= > 142.250.186.142:443 HIER_DIRECT FD 121 flags=1: read/write failure: (60) > Operation timed out > current master transaction: master13542083 > 2024/12/21 21:58:29 kid1| conn43398624 local=MYREALIP:58390 remote= > 142.250.185.238:443 HIER_DIRECT FD 96 flags=1: read/write failure: (60) > Operation timed out > current master transaction: master13553287 > 2024/12/21 21:58:30 kid1| conn43398801 local=MYREALIP:58419 remote= > 172.217.16.206:443 HIER_DIRECT FD 898 flags=1: read/write failure: (60) > Operation timed out > > > сб, 21 дек. 2024 г. в 20:43, Jonathan Lee <jonathanlee...@gmail.com>: > > Have you created a splice only file with lists of items that must be > spliced at all times, Google mail ethically should be spliced just as an > example. Some know sites must be spliced. > Sent from my iPhone > > > On Dec 21, 2024, at 09:32, A. Pechenin <alexm...@gmail.com> wrote: > > > > > > This week, when connecting users through a proxy server, some Google > services became inaccessible, such as Calendar, Translator, user profile. > > > > When clicking on the services section in the browser on the Google > portal, the page does not open and then a connection error is displayed. > When directly going to the calendar section, the connection also hangs for > a long time without loading the page. At the same time, the Google home > page, mail, search work. > > > > Transparent proxying is not used. > > Viewing the proxy server logs did not add any understanding, all > requests are processed correctly and no errors or prohibitions are > observed. There are no other problems with the unavailability of any sites. > > > > When connecting directly (bypassing the proxy server), all Google > services work completely correctly. > > The platform on which the problem was suddenly discovered: > > FreeBSD 13.2-RELEASE-p9 > > Squid 6.6 > > > > A new separate server was deployed for objectivity and finding the > cause, but the problem was also reproduced there, its platform. > > FreeBSD 13.4-RELEASE-p2 > > Squid 6.10 > > > > I tried using the default configuration file (recommended minimum > configuration) to eliminate the problem in my working squid.conf, but the > problem remained > > > > I repeat, the problem reproduced suddenly, no changes were made to the > proxy server configuration on our side, no problems with Google have arisen > for many years. What should I pay attention to in the Squid configuration? > Any idea > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > https://lists.squid-cache.org/listinfo/squid-users > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
