On Thu, Feb 12, 2009 at 9:53 AM, david t. asuncion, jr. <[email protected]> wrote:
> I am running a simple Squid3 setup on Ubuntu Intrepid. I have been using
> Squid 2.7 for quite some time but never had this problem before. Squid3 is
> erroneously blocking gmail and yahoomail. My simple workaround is to use https
> instead of http.
>
> My ACLs are:
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl SMTP_port port 25
> acl workhours time M T W H F 8:00-12:00 13:15-17:00
> #acl otherhours time M T W H F 11:31-13:29
> acl warez dstdomain "/etc/squid3/warez/domains.acl"
> acl ads dstdomain "/etc/squid3/ads/domains.acl"
> acl special_sites dstdomain "/etc/squid3/special_sites/domains.acl"
> acl justporn dstdomain "/etc/squid3/porn/justporn.acl"
> acl redirector dstdomain "/etc/squid3/redirector/domains.acl"
> acl spyware dstdomain "/etc/squid3/spyware/domains.acl"
> #acl pornex url_regex -i "/etc/squid3/porn/pornex.acl"
> #acl nopornex url_regex -i "/etc/squid3/porn/noporn.acl"
> acl filenames url_regex -i \.exe$ \.com$ \.mp3$ \.asx$ \.wma$ \.mpeg$ \.mpg$ \.qt$ \.ram$ \.rm$ \.wav$ \.flv$ \.avi$
> acl webRadioReq1 req_mime_type -i ^video/x-ms-asf$
> acl webRadioReq2 req_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
> acl webRadioReq3 req_mime_type -i ^application/x-mms-framed$
> acl webRadioRep1 rep_mime_type -i ^video/x-ms-asf$
> acl webRadioRep2 rep_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
> acl webRadioRep3 rep_mime_type -i ^application/x-mms-framed$
> acl WMP browser Windows-Media-Player/*
> #acl batcave src "/etc/squid/ip/otherip"
> acl batman src "/etc/squid3/ip/goodip"
>
> http_access deny SMTP_port
> http_access deny workhours warez
> http_access deny workhours ads
> http_access deny workhours justporn
> http_access deny workhours redirector
> http_access deny workhours spyware
> #http_access deny workhours pornex !nopornex
> http_access deny workhours filenames
> http_access deny workhours special_sites
> http_access deny workhours WMP all
> http_access deny workhours webRadioReq1 all
> http_access deny workhours webRadioReq2 all
> http_access deny workhours webRadioReq3 all
> # Example rule allowing access from your local networks.
> # Adapt localnet in the ACL section to list your (internal) IP networks
> # from where browsing should be allowed
> #http_access allow localnet
> http_access allow batman
> http_access allow localhost
>
> I assure you that gmail and yahoomail are not within those domains.acl files
> as I searched for it. Anything wrong? Or any issue with Squid3 that I
> didn't know about?
>
> Excerpts from sudo tail -f /var/log/squid3/access.log when I tried to access
> gmail.com are as follows:
>
> 1234403201.410 2011 192.168.2.192 TCP_MISS/200 592 GET http://presence.msg.yahoo.com/online? - DIRECT/209.131.36.172 text/plain
> 1234403201.602 978 192.168.2.192 TCP_MISS/200 3178 GET http://ph.mg60.mail.yahoo.com/ws/mail/v1/formrpc? - DIRECT/124.108.114.74 text/xml
> 1234403203.512 306 192.168.2.192 TCP_MISS/200 698 GET http://ph.mg60.mail.yahoo.com/dc/rs? - DIRECT/124.108.114.74 text/html
> 1234403343.324 0 192.168.2.186 TCP_DENIED/403 2885 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - NONE/- text/html
> 1234403403.331 0 192.168.2.186 TCP_DENIED/403 2885 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - NONE/- text/html
> 1234403448.987 26483 192.168.2.192 TCP_MISS/200 21321 GET http://f5.yahoofs.com/msgr/mary_allangel/.friend_icon.png? - DIRECT/206.190.35.168 image/png
> 1234403466.565 0 192.168.2.188 TCP_DENIED/403 2664 GET http://en-us.fxfeeds.mozilla.com/en-US/firefox/headlines.xml - NONE/- text/html
> 1234403489.349 0 192.168.2.192 TCP_HIT/301 648 GET http://gmail.com/ - NONE/- text/html
> 1234403495.234 5884 192.168.2.192 TCP_MISS/302 1235 GET http://mail.google.com/mail/ - DIRECT/74.125.19.19 text/html
> 1234403496.600 0 192.168.2.192 TCP_DENIED/403 3191 GET http://mail.google.com/mail/? - NONE/- text/html
>
> It seems it's blocking URLs with "?" at the end?

TCP_DENIED means access was denied for this request, and 403 means it
returns the HTTP status code "Forbidden". It is more likely that one of your
denied ACLs hit the rule. To debug your Squid, I suggest you remark or
disable all the denied ACLs first and turn them on one at a time while
accessing the gmail site.

fooler.
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
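
An added example, not part of the original thread: a small parser for the native-format access.log lines quoted above. It lists the TCP_DENIED requests and counts the outcomes of requests whose logged URL ends in "?". The sample lines are taken from the excerpt in the post with mail-wrapped lines rejoined; the function names are hypothetical.

```python
from collections import Counter

# Lines from the access.log excerpt in the post, mail-wrapped lines rejoined.
SAMPLE = """\
1234403201.410 2011 192.168.2.192 TCP_MISS/200 592 GET http://presence.msg.yahoo.com/online? - DIRECT/209.131.36.172 text/plain
1234403343.324 0 192.168.2.186 TCP_DENIED/403 2885 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - NONE/- text/html
1234403466.565 0 192.168.2.188 TCP_DENIED/403 2664 GET http://en-us.fxfeeds.mozilla.com/en-US/firefox/headlines.xml - NONE/- text/html
1234403489.349 0 192.168.2.192 TCP_HIT/301 648 GET http://gmail.com/ - NONE/- text/html
1234403495.234 5884 192.168.2.192 TCP_MISS/302 1235 GET http://mail.google.com/mail/ - DIRECT/74.125.19.19 text/html
1234403496.600 0 192.168.2.192 TCP_DENIED/403 3191 GET http://mail.google.com/mail/? - NONE/- text/html
""".splitlines()

FIELDS = ("time", "elapsed_ms", "client", "result", "bytes",
          "method", "url", "ident", "hierarchy", "mime")


def parse_line(line):
    """Split one native-format access.log line into named fields."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"unexpected field count: {line!r}")
    rec = dict(zip(FIELDS, parts))
    # "TCP_DENIED/403" -> Squid result code and HTTP status
    rec["code"], rec["status"] = rec["result"].split("/", 1)
    return rec


def denied(lines):
    """Requests answered with TCP_DENIED, as (client, method, url)."""
    return [(r["client"], r["method"], r["url"])
            for r in map(parse_line, lines) if r["code"] == "TCP_DENIED"]


def stripped_query_outcomes(lines):
    """Count result codes for URLs logged with a trailing '?'.

    The trailing '?' is where Squid cut the query string before logging
    (strip_query_terms, on by default), so the full URL is not in the log.
    """
    return Counter(r["code"] for r in map(parse_line, lines)
                   if r["url"].endswith("?"))


if __name__ == "__main__":
    for client, method, url in denied(SAMPLE):
        print(f"DENIED {client} {method} {url}")
    print(dict(stripped_query_outcomes(SAMPLE)))
```

On these lines the "?" URLs split into one TCP_MISS and two TCP_DENIED, and one denied URL has no "?" at all, so the log alone does not identify the matching rule; the one-at-a-time ACL test suggested in the reply is what narrows it down.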

