But I don't use sslbump in the proxy server configuration. In general, I do not understand the procedure for further actions to resolve the problem.
вс, 22 дек. 2024 г. в 00:01, Jonathan Lee <jonathanlee...@gmail.com>: > You apply it as a custom setting in Squid. I would seek out what header > request is failing and start from there to fix your issue. > > Good luck. > > > On Dec 21, 2024, at 12:18, A. Pechenin <alexm...@gmail.com> wrote: > > OK, but how can ACL data be applied in practice to solve the problem I > described? > > сб, 21 дек. 2024 г. в 22:57, Jonathan Lee <jonathanlee...@gmail.com>: > >> You can use the following >> >> acl NoSSLIntercept ssl::server_name_regex -i >> "/usr/local/pkg/reg.url.nobump" >> acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump" >> >> I created a regex based no bump file and or use a dns based no bump file >> to mark splice only sites. >> >> Example of what is in reg.url.nobump file >> >> ^((alt[0-9]-mtalk\.)|(mtalk\.)|(mtalk-(staging|dev)\.))google\.com >> ^((gvt)([0-9]))\.com >> ^(((clients)[0-9])|accounts)\.google\.(com|us) >> ^(pki|(crl|ocsp)\.pki)\.google\.com >> (outlook\.)(office365|office)\.com >> infinity-c[0-9][0-9]\.youboranqs[0-9][0-9]\.com >> hulu\.com >> nflxvideo\.net >> >> >> Or example of what could be in dns.nobump >> .play.google.com >> .android.com >> .google-analytics.com >> .googleusercontent.com >> .ggpht.com >> .dl.google.com >> .dl-ssl.google.com >> .android.clients.google.com >> .omahaproxy.appspot.com >> .payments.google.com >> .googleapis.com >> .notifications.google.com >> .ogs.google.com >> .googleapis.com >> >> Make sure you follow the enterprise policy for Google Android based >> products. >> >> Some sites simply can not and or should not be bumped and you only should >> look at the get header. >> >> ------------------------------ >> *From:* A. Pechenin <alexm...@gmail.com> >> *Sent:* Saturday, December 21, 2024 11:46 >> *To:* Jonathan Lee <jonathanlee...@gmail.com> >> *Cc:* squid-users@lists.squid-cache.org < >> squid-users@lists.squid-cache.org> >> *Subject:* Re: [squid-users] SQUID problem with unavailability of Google >> services >> >> I apologize for the formatting of the text of the letter? >> >> I will be incorrect if I do not say that there are entries in the >> cache.log, although the IP does not resolve directly to google subdomains, >> but according to whois, this is the Google LLC farm. >> >> 2024/12/21 21:54:57 kid1| conn43356657 local=MYREALIP:53130 remote= >> 142.250.186.142:443 HIER_DIRECT FD 121 flags=1: read/write failure: (60) >> Operation timed out >> current master transaction: master13542083 >> 2024/12/21 21:58:29 kid1| conn43398624 local=MYREALIP:58390 remote= >> 142.250.185.238:443 HIER_DIRECT FD 96 flags=1: read/write failure: (60) >> Operation timed out >> current master transaction: master13553287 >> 2024/12/21 21:58:30 kid1| conn43398801 local=MYREALIP:58419 remote= >> 172.217.16.206:443 HIER_DIRECT FD 898 flags=1: read/write failure: (60) >> Operation timed out >> >> >> сб, 21 дек. 2024 г. в 20:43, Jonathan Lee <jonathanlee...@gmail.com>: >> >> Have you created a splice only file with lists of items that must be >> spliced at all times, Google mail ethically should be spliced just as an >> example. Some know sites must be spliced. >> Sent from my iPhone >> >> > On Dec 21, 2024, at 09:32, A. Pechenin <alexm...@gmail.com> wrote: >> > >> > >> > This week, when connecting users through a proxy server, some Google >> services became inaccessible, such as Calendar, Translator, user profile. >> > >> > When clicking on the services section in the browser on the Google >> portal, the page does not open and then a connection error is displayed. >> When directly going to the calendar section, the connection also hangs for >> a long time without loading the page. At the same time, the Google home >> page, mail, search work. >> > >> > Transparent proxying is not used. >> > Viewing the proxy server logs did not add any understanding, all >> requests are processed correctly and no errors or prohibitions are >> observed. There are no other problems with the unavailability of any sites. >> > >> > When connecting directly (bypassing the proxy server), all Google >> services work completely correctly. >> > The platform on which the problem was suddenly discovered: >> > FreeBSD 13.2-RELEASE-p9 >> > Squid 6.6 >> > >> > A new separate server was deployed for objectivity and finding the >> cause, but the problem was also reproduced there, its platform. >> > FreeBSD 13.4-RELEASE-p2 >> > Squid 6.10 >> > >> > I tried using the default configuration file (recommended minimum >> configuration) to eliminate the problem in my working squid.conf, but the >> problem remained >> > >> > I repeat, the problem reproduced suddenly, no changes were made to the >> proxy server configuration on our side, no problems with Google have arisen >> for many years. What should I pay attention to in the Squid configuration? >> Any idea >> > _______________________________________________ >> > squid-users mailing list >> > squid-users@lists.squid-cache.org >> > https://lists.squid-cache.org/listinfo/squid-users >> >> >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
