No, ssl_bump is not used in any form in Squid, I intentionally reproduced the problem on the default configuration file.
In access.log i do not observe any questionable recordings when reproducing the problem: acl hasRequest has request access_log daemon:/var/log/squid/access.log squid hasRequest TCP_TUNNEL/200 39 CONNECT play.google.com:443 - HIER_DIRECT/216.58.212.174 - TCP_TUNNEL/200 39 CONNECT www.gstatic.com:443 - HIER_DIRECT/142.250.185.195 - TCP_TUNNEL/200 6623 CONNECT drive.google.com:443 - HIER_DIRECT/ 142.250.27.194 - TCP_TUNNEL/200 13269 CONNECT waa-pa.clients6.google.com:443 - HIER_DIRECT/ 142.250.186.138 - Yes, such messages were present in the cache.log when the Google service was running. I didn't attach any significant importance to them. Probably not, rather than yes. Either these messages will appear in the cache.log with a delay. вс, 22 дек. 2024 г. в 07:17, Alex Rousskov <rouss...@measurement-factory.com >: > On 2024-12-21 12:26, A. Pechenin wrote: > > This week, when connecting users through a proxy server, some Google > > services became inaccessible, such as Calendar, Translator, user profile. > > Do you use any ssl_bump directives? You have mentioned a test with > "default configuration file" below. That configuration file does not > have any ssl_bump directives. When testing with that default > configuration file, did you add any ssl_bump directives? > > If you are not using SslBump, then suggestions regarding "splicing" do > not apply to your environment -- your Squid is already effectively > splicing all TLS connections. In this case, please clarify whether > "Operation timed out" failures that you have mentioned in your second > post are also reflected in access.log records. You have said that "all > requests are processed correctly and no errors or prohibitions are > observed", and I am trying to correlate that statement with those > timeout errors... > > > > 2024/12/21 21:54:57 kid1| conn43356657 local=MYREALIP:53130 > > remote=142.250.186.142:443 HIER_DIRECT FD 121 flags=1: > > read/write failure: (60) Operation timed out > > current master transaction: master13542083 > > Do you know whether these timeout errors were present when everything > was working correctly? > > Do you always see at least one such timeout error for every case when > "the page does not open and then a connection error is displayed"? In > other words, is there a strong correlation between client-side problems > and these timeout errors in cache.log? > > > Thank you, > > Alex. > > > > When clicking on the services section in the browser on the Google > > portal, the page does not open and then a connection error is displayed. > > When directly going to the calendar section, the connection also hangs > > for a long time without loading the page. At the same time, the Google > > home page, mail, search work. > > > > Transparent proxying is not used. > > Viewing the proxy server logs did not add any understanding, all > > requests are processed correctly and no errors or prohibitions are > > observed. There are no other problems with the unavailability of any > sites. > > > > When connecting directly (bypassing the proxy server), all Google > > services work completely correctly. > > The platform on which the problem was suddenly discovered: > > FreeBSD 13.2-RELEASE-p9 > > Squid 6.6 > > > > A new separate server was deployed for objectivity and finding the > > cause, but the problem was also reproduced there, its platform. > > FreeBSD 13.4-RELEASE-p2 > > Squid 6.10 > > > > I tried using the default configuration file (recommended minimum > > configuration) to eliminate the problem in my working squid.conf, but > > the problem remained > > > > I repeat, the problem reproduced suddenly, no changes were made to the > > proxy server configuration on our side, no problems with Google have > > arisen for many years. What should I pay attention to in the Squid > > configuration? Any idea > > > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > https://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > https://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
