Re: [squid-users] Squid without restrictions and problems with prezi

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 21 May 2014 04:32:34 +1200

On 21/05/2014 1:52 a.m., Trenta sis wrote:
> Hello,
>
> I have Debian Squeeze with squid3:
> ii sarg 2.3.1-1~bpo60+1 squid analysis report generator
> ii squid-langpack 20100628-1 Localized error pages for Squid
> ii squid3 3.1.6-1.2+squeeze2 A full featured Web Proxy cache (HTTP proxy)
> ii squid3-common 3.1.6-1.2+squeeze2 A full featured Web Proxy cache (HTTP proxy) - common files
>
>
> And we have some problems with some URLs, for example there are users
> that have disconnections when they are editing prezi presentations, in
> the logs the error is:
>
> 1400591927.068 164 192.168.10.17 TCP_MISS/200 36175 GET http://cdn-a.prezi.com/bin/modules/imagesearch-bbc2d65a304a2344a4239bda263525a92e1eb21c.swf 32847 DIRECT/23.51.75.49 application/x-shockwave-flash
> 1400591927.173 0 192.168.10.17 TCP_DENIED/407 3737 CONNECT s3.amazonaws.com:443 - NONE/- text/html
> 1400591927.179 0 192.168.10.17 TCP_DENIED/407 4048 CONNECT s3.amazonaws.com:443 - NONE/- text/html
> 1400591927.315 0 192.168.10.17 TCP_DENIED/407 4721 GET http://www.google-analytics.com/__utm.gif? - NONE/- text/html
> 1400591927.320 0 192.168.10.17 TCP_DENIED/407 5032 GET http://www.google-analytics.com/__utm.gif? - NONE/- text/html
> 1400591927.361 39 192.168.10.17 TCP_MISS/200 525 GET http://www.google-analytics.com/__utm.gif? 32847 DIRECT/173.194.41.9 image/gif
> 1400591927.888 23 192.168.10.17 TCP_MISS/200 525 GET http://www.google-analytics.com/__utm.gif? 32847 DIRECT/173.194.41.9 image/gif
> 1400591927.891 718 192.168.10.17 TCP_MISS/200 3469 POST http://prezi.com/api/token/imagerecommendation/ 32847 DIRECT/54.235.184.72 application/json
> 1400591927.901 0 192.168.10.17 TCP_DENIED/407 3737 CONNECT search.prezi.com:443 - NONE/- text/html
> 1400591927.904 1 192.168.10.17 TCP_DENIED/407 4048 CONNECT search.prezi.com:443 - NONE/- text/html
> 1400591928.904 1723 192.168.10.17 TCP_MISS/200 34768 CONNECT s3.amazonaws.com:443 32847 DIRECT/176.32.102.82 -
> 1400591929.193 21000 192.168.10.17 TCP_MISS/503 5544 POST http://meeting04.prezi.com/ 32847 DIRECT/184.72.217.112 text/html
> 1400591929.933 0 192.168.10.17 TCP_DENIED/407 4281 GET http://s3.amazonaws.com/0103.static.prezi.com/media/d/9/d/435b54a01855f57523aff086e8f19dc72b6a2.jpg - NONE/- text/html
> 1400591929.934 0 192.168.10.17 TCP_DENIED/407 5528 GET http://0103.static.prezi.com/crossdomain.xml - NONE/- text/html
> 1400591929.936 1 192.168.10.17 TCP_DENIED/407 4592 GET http://s3.amazonaws.com/0103.static.prezi.com/media/d/9/d/435b54a01855f57523aff086e8f19dc72b6a2.jpg - NONE/- text/html
> 1400591929.937 1 192.168.10.17 TCP_DENIED/407 5839 GET http://0103.static.prezi.com/crossdomain.xml - NONE/- text/html
> 1400591930.351 414 192.168.10.17 TCP_MISS/200 828 GET http://0103.static.prezi.com/crossdomain.xml 32847 DIRECT/75.101.163.113 text/xml
> 1400591930.552 142 192.168.10.17 TCP_MISS/302 569 GET http://0103.static.prezi.com/thumbnail/330/converted/1/1/a/af15ad4698fd68e3ab40dbfb63f791477916c.jpe 32847 DIRECT/75.101.163.113 text/html
> 1400591930.561 0 192.168.10.17 TCP_DENIED/407 3737 CONNECT s3.amazonaws.com:443 - NONE/- text/html
> 1400591930.563 0 192.168.10.17 TCP_DENIED/407 4048 CONNECT s3.amazonaws.com:443 - NONE/- text/html
>
> We are using a samba-ldap domain and users are using an acl to allow only
> auth users.
>
> Our proxy is only to generate statistics using sarg, we need that squid
> doesn't make any tcp denied or any restriction, we need to allow all
> traffic from our internal ip and auth users. How can I do this and
> solve these problems with prezi?

I don't see any errors in that log.

Your Squid is requiring authentication. This requires the client
software (prezi) to be capable of authenticating HTTP requests.

From the pattern of two 407 followed by a 200 it appears that you are
using NTLM authentication. That type of authentication has a 407
challenge to announce the available auth type(s), a second 407 challenge
to deliver security keys from the server, then a third request to
receive final authentication from the client.

We have had a number of bugs in CONNECT handling over the years. I
suggest you install a later squid3 package; the one from the Debian Wheezy
(current stable Debian) repository should work on Squeeze.

Amos
Received on Tue May 20 2014 - 16:32:42 MDT
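
The 407, 407, 200 pattern described in the reply above can be checked mechanically. The following is an added example, not part of the original message or of Squid: a Python script that groups 407 challenges per client and request, and separates handshakes that completed from requests that never authenticated. The sample lines, hostnames and user name are constructed, and the regex assumes Squid's native access.log layout with each entry on a single line.

```python
import re
from collections import defaultdict

# Native access.log: time elapsed client code/status bytes method URL user hier/peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>\w+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\S+)\s+(?P<type>\S+)$"
)

# Constructed sample: one client completes the challenge sequence, one never does.
SAMPLE = """\
1400591927.173 0 192.168.10.17 TCP_DENIED/407 3737 CONNECT files.example.net:443 - NONE/- text/html
1400591927.179 0 192.168.10.17 TCP_DENIED/407 4048 CONNECT files.example.net:443 - NONE/- text/html
1400591928.904 1723 192.168.10.17 TCP_MISS/200 34768 CONNECT files.example.net:443 alice DIRECT/203.0.113.10 -
1400591930.100 0 192.168.10.23 TCP_DENIED/407 3737 GET http://app.example.net/poll - NONE/- text/html
1400591931.100 0 192.168.10.23 TCP_DENIED/407 3737 GET http://app.example.net/poll - NONE/- text/html
1400591932.100 0 192.168.10.23 TCP_DENIED/407 3737 GET http://app.example.net/poll - NONE/- text/html
"""

def classify(lines):
    """Return (completed, unresolved) runs of 407 challenges.

    completed:  [((client, method, url), n_407, user)] where a non-407 reply followed
    unresolved: [((client, method, url), n_407)] where no authenticated reply was seen
    """
    pending = defaultdict(int)  # (client, method, url) -> 407s seen so far
    completed = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip wrapped or malformed entries
        key = (m["client"], m["method"], m["url"])
        if m["status"] == "407":
            pending[key] += 1
        elif key in pending:
            # First non-407 reply after challenges: the client authenticated.
            completed.append((key, pending.pop(key), m["user"]))
    return completed, list(pending.items())

if __name__ == "__main__":
    done, stuck = classify(SAMPLE.splitlines())
    for key, n, user in done:
        print(f"handshake ok   {key} after {n} x 407 as {user}")
    for key, n in stuck:
        print(f"never authed   {key} after {n} x 407")
```

Runs that stay in the unresolved list point at client software that cannot answer the proxy's challenge, which is the case worth investigating; two 407s followed by a success are the normal handshake.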
