Re: [squid-users] Problems with google ... from Chris Robertson on 2008-08-13 (squid-users)

From: Chris Robertson <crobertson_at_gci.net>
Date: Wed, 13 Aug 2008 14:58:08 -0800

Ramiro Sabastta wrote:
> Hi !!!
>
> I've installed a Squid box transparent mode (3STABLE7) with Debian. A
> router send all the request to the port 80 to my squid box on 3128
> port.
>
> I've problems with google pages. Sometimes when somedy try to sail in
> google the result is a http://www.google.com.ar/sorry/?.

"strip_query_terms off" in your Squid.conf will allow you to see the
text after the question mark.

> This page say
> something like the ip origin maybe is a malicious source, like a virus
> or spyware.
>
> I put in my squid.conf exepcions to google:
>
> acl exepciones dstdomain "/usr/local/squid/etc/exepciones"
> always_direct allow exepciones
>

*sigh* http://www.squid-cache.org/Versions/v3/3.0/cfgman/always_direct.html

And I quote...

    Here you can use ACL elements to specify requests which should
    ALWAYS be forwarded by Squid to the origin servers without using any
    peers. For example, to always directly forward requests for local
    servers ignoring any parents or siblings you may have use something
    like...

The important bits are "by Squid" and "without using any peers". Once
the traffic has been handed to Squid (be it via specifying the proxy
explicitly in the browser, using WPAD or interception) Squid has to
handle that traffic. If you want to bypass Squid for some Internet
traffic don't send that traffic to Squid.

> and the exepciones file is as follws:
>
> .google.com
> .google.com.ar
> .gmail.com
>
> but nothing changes.
>
> Any idea?
>

Set your router up to pass traffic destined to Google directly to Google
(and not to Squid). Otherwise track down and eliminate the traffic that
is causing Google to view your clients with suspicion.

> Is posible than a lot of requeriments with the same ip (the proxy ip)
> causes this behavior?
>

If some of the requests being sent through the proxy are malicious, the
IP might be flagged. I'm sure Google has more information.

> The squid always send his own origin IP to the web?
>

Unless you have gone through the trouble of setting up TPROXY, yes.

> Thanks a lot !!!
>
> Regards !!
>
> Ramiro
>

Chris
Received on Wed Aug 13 2008 - 22:58:16 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 15 2008 - 12:00:03 MDT