You apply it as a custom setting in Squid. I would seek out what header request is failing and start from there to fix your issue.
Good luck. > On Dec 21, 2024, at 12:18, A. Pechenin <alexm...@gmail.com> wrote: > > OK, but how can ACL data be applied in practice to solve the problem I > described? > > сб, 21 дек. 2024 г. в 22:57, Jonathan Lee <jonathanlee...@gmail.com > <mailto:jonathanlee...@gmail.com>>: >> You can use the following >> >> acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/reg.url.nobump" >> acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump" >> >> I created a regex based no bump file and or use a dns based no bump file to >> mark splice only sites. >> >> Example of what is in reg.url.nobump file >> >> ^((alt[0-9]-mtalk\.)|(mtalk\.)|(mtalk-(staging|dev)\.))google\.com >> ^((gvt)([0-9]))\.com >> ^(((clients)[0-9])|accounts)\.google\.(com|us) >> ^(pki|(crl|ocsp)\.pki)\.google\.com >> (outlook\.)(office365|office)\.com >> infinity-c[0-9][0-9]\.youboranqs[0-9][0-9]\.com >> hulu\.com >> nflxvideo\.net >> >> >> Or example of what could be in dns.nobump >> .play.google.com <http://play.google.com/> >> .android.com <http://android.com/> >> .google-analytics.com <http://google-analytics.com/> >> .googleusercontent.com <http://googleusercontent.com/> >> .ggpht.com <http://ggpht.com/> >> .dl.google.com <http://dl.google.com/> >> .dl-ssl.google.com <http://dl-ssl.google.com/> >> .android.clients.google.com <http://android.clients.google.com/> >> .omahaproxy.appspot.com <http://omahaproxy.appspot.com/> >> .payments.google.com <http://payments.google.com/> >> .googleapis.com <http://googleapis.com/> >> .notifications.google.com <http://notifications.google.com/> >> .ogs.google.com <http://ogs.google.com/> >> .googleapis.com <http://googleapis.com/> >> >> Make sure you follow the enterprise policy for Google Android based >> products. >> >> Some sites simply can not and or should not be bumped and you only should >> look at the get header. >> >> From: A. Pechenin <alexm...@gmail.com <mailto:alexm...@gmail.com>> >> Sent: Saturday, December 21, 2024 11:46 >> To: Jonathan Lee <jonathanlee...@gmail.com <mailto:jonathanlee...@gmail.com>> >> Cc: squid-users@lists.squid-cache.org >> <mailto:squid-users@lists.squid-cache.org> >> <squid-users@lists.squid-cache.org >> <mailto:squid-users@lists.squid-cache.org>> >> Subject: Re: [squid-users] SQUID problem with unavailability of Google >> services >> >> I apologize for the formatting of the text of the letter? >> >> I will be incorrect if I do not say that there are entries in the cache.log, >> although the IP does not resolve directly to google subdomains, but >> according to whois, this is the Google LLC farm. >> 2024/12/21 21:54:57 kid1| conn43356657 local=MYREALIP:53130 >> remote=142.250.186.142:443 <http://142.250.186.142:443/> HIER_DIRECT FD 121 >> flags=1: read/write failure: (60) Operation timed out >> current master transaction: master13542083 >> 2024/12/21 21:58:29 kid1| conn43398624 local=MYREALIP:58390 >> remote=142.250.185.238:443 <http://142.250.185.238:443/> HIER_DIRECT FD 96 >> flags=1: read/write failure: (60) Operation timed out >> current master transaction: master13553287 >> 2024/12/21 21:58:30 kid1| conn43398801 local=MYREALIP:58419 >> remote=172.217.16.206:443 <http://172.217.16.206:443/> HIER_DIRECT FD 898 >> flags=1: read/write failure: (60) Operation timed out >> >> сб, 21 дек. 2024 г. в 20:43, Jonathan Lee <jonathanlee...@gmail.com >> <mailto:jonathanlee...@gmail.com>>: >> Have you created a splice only file with lists of items that must be spliced >> at all times, Google mail ethically should be spliced just as an example. >> Some know sites must be spliced. >> Sent from my iPhone >> >> > On Dec 21, 2024, at 09:32, A. Pechenin <alexm...@gmail.com >> > <mailto:alexm...@gmail.com>> wrote: >> > >> > >> > This week, when connecting users through a proxy server, some Google >> > services became inaccessible, such as Calendar, Translator, user profile. >> > >> > When clicking on the services section in the browser on the Google portal, >> > the page does not open and then a connection error is displayed. When >> > directly going to the calendar section, the connection also hangs for a >> > long time without loading the page. At the same time, the Google home >> > page, mail, search work. >> > >> > Transparent proxying is not used. >> > Viewing the proxy server logs did not add any understanding, all requests >> > are processed correctly and no errors or prohibitions are observed. There >> > are no other problems with the unavailability of any sites. >> > >> > When connecting directly (bypassing the proxy server), all Google services >> > work completely correctly. >> > The platform on which the problem was suddenly discovered: >> > FreeBSD 13.2-RELEASE-p9 >> > Squid 6.6 >> > >> > A new separate server was deployed for objectivity and finding the cause, >> > but the problem was also reproduced there, its platform. >> > FreeBSD 13.4-RELEASE-p2 >> > Squid 6.10 >> > >> > I tried using the default configuration file (recommended minimum >> > configuration) to eliminate the problem in my working squid.conf, but the >> > problem remained >> > >> > I repeat, the problem reproduced suddenly, no changes were made to the >> > proxy server configuration on our side, no problems with Google have >> > arisen for many years. What should I pay attention to in the Squid >> > configuration? Any idea >> > _______________________________________________ >> > squid-users mailing list >> > squid-users@lists.squid-cache.org >> > <mailto:squid-users@lists.squid-cache.org> >> > https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
