Re: [squid-users] Vey slow navigation

2023-10-12 Thread ngtech1ltd
Hey Andre,

The issue can be caused by a couple of technical reasons.
If we want to find one of the reasons we first need to understand the setup.
Let's start with the ISP part of the picture:
Where does the public IP reside? On the Squid box or on a NAT gateway?
```
$ ip route show
```

Also, did you make any fine tuning to the OS networking stack?
What OS are you using?
What version of Squid? Is it self-compiled or a pre-packaged binary?
```
squid -v
```

Also, do you have any dummy website locally you can try to verify which works 
or not?
You can try to install nginx or apache on the squid box and to try accessing 
the local ip or domain on port 80 and see what happens.
Also, is this squid a simple forward or intercept proxy?

With the above details I believe we can start thinking about the technical 
options of the issue.

Eliezer


From: squid-users  On Behalf Of 
Andre Bolinhas
Sent: Thursday, October 12, 2023 14:43
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Vey slow navigation

Hi
I'm using Squid and sometimes my users are unable to access the internet or the 
internet access is very slow.
The error returned from the browser is
“This site can't be reached – took too long”
In cache.log I get these errors very frequently
```
2023/10/12 10:23:49 kid5| local=10.30.2.33:3128 remote=10.188.150.131:53305 FD 3379 flags=1: read/write failure: (32) Broken pipe
2023/10/12 10:23:53 kid4| local=10.30.2.33:3128 remote=172.161.26.109:55123 FD 7784 flags=1: read/write failure: (32) Broken pipe
2023/10/12 10:24:11 kid1| local=10.30.2.33:3128 remote=10.188.120.13:54408 FD 3116 flags=1: read/write failure: (32) Broken pipe
2023/10/12 10:24:26 kid4| local=10.30.2.33:3128 remote=198.101.5.73:57952 FD 11987 flags=1: read/write failure: (32) Broken pipe
...
2023/10/12 10:47:29 kid2| local=10.30.2.33:3128 remote=167.2.22.36:64301 FD 18774 flags=1: read/write failure: (110) Connection timed out
2023/10/12 10:50:28 kid2| local=10.30.2.33:3128 remote=10.188.100.153:62550 FD 4240 flags=1: read/write failure: (110) Connection timed out
2023/10/12 10:50:30 kid4| local=10.30.2.33:3128 remote=172.16.109.181:55468 FD 19204 flags=1: read/write failure: (110) Connection timed out
..
```

Can you help me to understand this?
Is it a problem on the Squid box or something related to the network / ISP?
Best regards

___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] squid 5.9 Kerberos authentication problem

2023-10-12 Thread Amos Jeffries

On 6/10/23 06:15, Ludovit Koren wrote:

Amos Jeffries writes:


 > On 5/10/23 19:30, Ludovit Koren wrote:
 >> Hello,
 >> I am using squid 5.9 with AD Kerberos authentication and could not
 >> solve the problem of sending incorrect request according to client
 >> configuration followed by the correct one, i.e.:
 >> 1695983264.808  0 x.y.z TCP_DENIED/407 4135 CONNECT th.bing.com:443 - HIER_NONE/- text/html
 >> 1695983264.834 21 x.y.z TCP_TUNNEL/200 6080 CONNECT th.bing.com:443 name@domain FIRSTUP_PARENT/squid-parent -
 >>

 > This looks fine to me. The first request is sent without credentials,
 > then the second contains the correct ones using the correct
 > authentication scheme.

ok, this is a little bit longer output:

1695983167.837  0 x.y.z TCP_DENIED/407 4135 CONNECT th.bing.com:443 - HIER_NONE/- text/html
1695983167.842  1 x.y.z TCP_DENIED/407 4135 CONNECT th.bing.com:443 - HIER_NONE/- text/html
1695983167.873 27 x.y.z TCP_TUNNEL/200 6080 CONNECT th.bing.com:443 name@domain FIRSTUP_PARENT/squid-parent -


Taking this set of th.bing.com requests as clearly a bunch related they 
look like an NTLM or Negotiate/NTLM authentication sequence.



The rest of the log entries are a little too spread out with a mix of 
domains to tell where the connections are.


Also, the 200 status CONNECT tunnels in this log extract were all 
running from a time before the first line of the log snippet. So we 
cannot see how they reached 200 status.





In the gw1.ris.datacentrum.sk, there is authentication on the site
inside SSL. It is not working.


FYI, "inside SSL" is just opaque bytes to Squid. Any failure there is 
between the client and server at the other end of the CONNECT tunnel. 
Nothing to do with this Squid.




As soon as I exclude
gw1.ris.datacentrum.sk from the authentication in squid, it starts
working.


That is an indication that the client software is unable to handle 
authentication on the CONNECT tunnel properly.




For better troubleshooting there are several steps to take:

* making a custom log format and a debug log for your Squid would be 
useful to get more details about each transaction.


 I suggest adding this to your squid.conf:

 logformat debug %ts.%03tu %6tr %>a cid=%>p_%lp_%ssl::bump_mode \
%Ss/%03>Hs %

The "cid=" entry should be a semi-unique value per TCP connection. It is 
not truly unique since ports get re-used, but should be reliable enough 
to separate overlapping connections with duplicate request URLs.


The user=/login=/token= part should allow you to see what/why the 407 is 
occurring. You can investigate the token value with this tool 
 to see if it is 
truly a Negotiate/Kerberos token vs a Negotiate/NTLM one.




If you need more assistance, I/we will need to see your squid.conf (in 
full but without the "#" comment lines) and the output trace from that 
debug.log.


HTH
Amos
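
The check suggested above (is a logged token truly Negotiate/Kerberos or Negotiate/NTLM) can be done offline on the base64 blob. This is an added example, not part of the original message and not Squid's code; the function names and the sample tokens are constructed for illustration.

```python
import base64
import struct

# DER-encoded mechanism OIDs (tag 0x06, length, value).
OID_SPNEGO = bytes.fromhex("06062b0601050502")             # 1.3.6.1.5.5.2
MECHS = {
    bytes.fromhex("06092a864886f712010202"): "Kerberos",   # 1.2.840.113554.1.2.2
    bytes.fromhex("06092a864882f712010202"): "Kerberos",   # 1.2.840.48018.1.2.2 (MS)
    bytes.fromhex("060a2b06010401823702020a"): "NTLM",     # 1.3.6.1.4.1.311.2.2.10
}
KRB5, MS_KRB5, NTLMSSP = MECHS
NTLM_SIG = b"NTLMSSP\x00"
# Constructed sample: NTLMSSP signature followed by message type 1.
SAMPLE_NTLM_TYPE1 = "TlRMTVNTUAABAAAA"


def classify_negotiate_token(b64_token: str) -> str:
    """Classify the base64 blob that follows 'Negotiate ' in an auth header."""
    try:
        raw = base64.b64decode(b64_token, validate=True)
    except ValueError:
        return "invalid base64"
    if raw.startswith(NTLM_SIG) and len(raw) >= 12:
        # Raw NTLMSSP: a little-endian message type follows the signature.
        return f"NTLM type {struct.unpack_from('<I', raw, 8)[0]}"
    if raw[:1] == b"\xa1":
        return "SPNEGO continuation"      # NegTokenResp, later handshake leg
    if raw[:1] != b"\x60" or len(raw) < 2:
        return "unknown"
    # GSS-API initial token: 0x60, DER length (short or long form), mech OID.
    body = raw[2 + (raw[1] & 0x7F if raw[1] & 0x80 else 0):]
    for oid, name in MECHS.items():
        if body.startswith(oid):
            return name
    if not body.startswith(OID_SPNEGO):
        return "unknown GSS-API mechanism"
    # SPNEGO lists mechTypes in preference order; the first one listed wins.
    hits = [(body.find(oid), name) for oid, name in MECHS.items() if oid in body]
    return f"SPNEGO/{min(hits)[1]}" if hits else "SPNEGO/unknown"


def build_spnego_init(*mech_oids: bytes) -> str:
    """Build a constructed NegTokenInit carrying only a mechTypes list."""
    mechs = b"".join(mech_oids)
    seq = b"\x30" + bytes([len(mechs)]) + mechs
    ctx = b"\xa0" + bytes([len(seq)]) + seq
    init = b"\x30" + bytes([len(ctx)]) + ctx
    inner = OID_SPNEGO + b"\xa0" + bytes([len(init)]) + init
    return base64.b64encode(b"\x60" + bytes([len(inner)]) + inner).decode()
```

A result of "SPNEGO/NTLM" or "NTLM type 1" on a client's first token means the client is offering NTLM under the Negotiate scheme rather than a Kerberos ticket.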


[squid-users] Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days

2023-10-12 Thread Ralf Hildebrandt
This caught my attention:
https://github.com/MegaManSec/Squid-Security-Audit
-- 
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin

Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de


Re: [squid-users] Vey slow navigation

2023-10-12 Thread Antony Stone
On Thursday 12 October 2023 at 13:42:41, Andre Bolinhas wrote:

> Hi
> 
> I'm using Squid and sometimes my users are unable to access to internet
> or the internet access is very slow.

Have you tried accessing the same sites (preferably at the same time) from a 
machine which does not use Squid?

I would start from there to identify whether Squid is causing the problem.


Antony.

-- 
Tinned food was developed for the British Navy in 1813.

The tin opener was not invented until 1858.

   Please reply to the list;
 please *don't* CC me.


[squid-users] Vey slow navigation

2023-10-12 Thread Andre Bolinhas

Hi

I'm using Squid and sometimes my users are unable to access the internet 
or the internet access is very slow.

The error returned from the browser is

“This site can't be reached – took too long”

In cache.log I get these errors very frequently

```
2023/10/12 10:23:49 kid5| local=10.30.2.33:3128 remote=10.188.150.131:53305 FD 3379 flags=1: read/write failure: (32) Broken pipe
2023/10/12 10:23:53 kid4| local=10.30.2.33:3128 remote=172.161.26.109:55123 FD 7784 flags=1: read/write failure: (32) Broken pipe
2023/10/12 10:24:11 kid1| local=10.30.2.33:3128 remote=10.188.120.13:54408 FD 3116 flags=1: read/write failure: (32) Broken pipe
2023/10/12 10:24:26 kid4| local=10.30.2.33:3128 remote=198.101.5.73:57952 FD 11987 flags=1: read/write failure: (32) Broken pipe
...
2023/10/12 10:47:29 kid2| local=10.30.2.33:3128 remote=167.2.22.36:64301 FD 18774 flags=1: read/write failure: (110) Connection timed out
2023/10/12 10:50:28 kid2| local=10.30.2.33:3128 remote=10.188.100.153:62550 FD 4240 flags=1: read/write failure: (110) Connection timed out
2023/10/12 10:50:30 kid4| local=10.30.2.33:3128 remote=172.16.109.181:55468 FD 19204 flags=1: read/write failure: (110) Connection timed out
..
```

Can you help me to understand this?
Is it a problem on the Squid box or something related to the network / ISP?

Best regards