Re: [squid-users] Video streaming in some cases not working
On 14/12/2011 3:06 p.m., Roman Gelfand wrote: No, squidguard doesn't seem to be the problem as when I remove squidguard out of the picture the problem is still there. Any ideas. Thanks On Tue, Dec 13, 2011 at 8:48 PM, Roman Gelfand wrote: Actually, I didn't see this at first, but it looks like the issue is with the squidguard. I realize this is not squidguard forum, but if you know a way to solve this I would appreciate it. 2011-12-13 20:38:22 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi-bin/banner/148?21490login=echo_214x92referer=http://www.echo.msk.ru/ This is not a Squid message. Look for whatever is actually producing that. Probably some intrusion detection system by the looks of it. Amos
RE: [squid-users] Video streaming in some cases not working
I am using SquidGuard with Squid 3.1.14 on Ubuntu and this type of message regarding two slashes is logged by it in the SquidGuard log so it is possible SquidGuard was still running in the testing you performed where you thought you had removed SquidGuard from the configuration. The log entry is labelled as a warning and I see quite a lot of them in the SquidGuard log on my proxy server. My guess is SquidGuard is not actually the cause(s) of the problem(s) you are observing if all it is doing is logging these warnings and not actually blocking access. I visited the site and tried playing a few videos and they appeared to work (not sure what I was selecting though as I don't understand what I assume is Russian :-)). The video seemed slow to start though. I did notice a number of warnings from Internet Explorer 8 regarding Errors on page while loading the page in the url you posted. You may need to do some more in depth investigation (perhaps using tcpdump) to track the tcp and http exchanges between the browser and the web site to understand more about what is going on (or not going on). Regards Paul -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Thursday, 15 December 2011 2:21 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] Video streaming in some cases not working On 14/12/2011 3:06 p.m., Roman Gelfand wrote: No, squidguard doesn't seem to be the problem as when I remove squidguard out of the picture the problem is still there. Any ideas. Thanks On Tue, Dec 13, 2011 at 8:48 PM, Roman Gelfand wrote: Actually, I didn't see this at first, but it looks like the issue is with the squidguard. I realize this is not squidguard forum, but if you know a way to solve this I would appreciate it. 2011-12-13 20:38:22 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi- bin/banner/148?21490login=echo_214x92referer=http://www.echo.msk.ru/ This is not a Squid message. Look for whatever is actually producing that. Probably some intrusion detection system by the looks of it. Amos
Re: [squid-users] Video streaming in some cases not working
On Tue, 13 Dec 2011 16:49:02 -0500, Roman Gelfand wrote: Video streaming on this site http://www.echo.msk.ru/blog/video/838893-echo/ not working. I am not sure if it has anything to do with it, but I am using ssl bump. The squid version is 3.1.16. Squidclamav version is 6.4. c-icap version is 0.1.7 1323811211.100369 192.168.3.210 TCP_MISS/304 286 GET http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl - DIRECT/96.17.10.72 application/pkix-crl 1323811211.210102 192.168.3.210 TCP_MISS/304 285 GET http://crl.microsoft.com/pki/crl/products/CSPCA.crl - DIRECT/96.17.10.72 application/pkix-crl 1323811211.334116 192.168.3.210 TCP_MISS/304 286 GET http://crl.microsoft.com/pki/crl/products/CodeSigPCA.crl - DIRECT/96.17.10.72 application/pkix-crl 1323811211.757415 192.168.3.210 TCP_MISS/304 235 GET http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20Secure%20Server%20Authority(8).crl - DIRECT/70.37.128.164 application/pkix-crl 1323811211.820 55 192.168.3.210 TCP_MISS/304 235 GET http://mscrl.microsoft.com/pki/mscorp/crl/mswww(5).crl - DIRECT/70.37.128.164 application/pkix-crl 1323811321.159988 192.168.3.210 TCP_MISS/200 2567 GET http://img2.imgsmail.ru/r/my/app/flash_lc.swf - DIRECT/94.100.187.36 application/x-shockwave-flash Notice how the log contains *no* HTTP errors of any kind. In fact how echo.msk.ru does not occur in it at all. Do you have any more details about the problem? Amos
Re: [squid-users] Video streaming in some cases not working
Actually, I didn't see this at first, but it looks like the issue is with the squidguard. I realize this is not squidguard forum, but if you know a way to solve this I would appreciate it. 2011-12-13 20:38:22 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi-bin/banner/148?21490login=echo_214x92referer=http://www.echo.msk.ru/ 2011-12-13 20:38:23 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi-bin/banner/48?795035login=echo_214x92-1referer=http://www.echo.msk.ru/ 2011-12-13 20:38:27 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://234.adru.net//cgi-bin/banner/926?52490login=echomsk234referer=http://www.echo.msk.ru/ 2011-12-13 20:38:27 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://234.adru.net//cgi-bin/banner/2031?215045login=echomsk234-1referer=http://www.echo.msk.ru/ 2011-12-13 20:38:28 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://sj1.ru//cgi-bin/banner/492?777login=echoreferer=http://www.echo.msk.ru/ 2011-12-13 20:38:31 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi-bin/banner/148?21490login=echo_214x92referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:38:33 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi-bin/banner/48?795035login=echo_214x92-1referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:38:34 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://234.adru.net//cgi-bin/banner/2031?215045login=echomsk234-1referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:38:34 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://234.adru.net//cgi-bin/banner/2109?52490login=echomsk234referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:38:35 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://sj1.ru//cgi-bin/banner/460?777login=echoreferer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:39:14 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi-bin/banner/148?21490login=echo_214x92referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:39:23 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi-bin/banner/148?21490login=echo_214x92referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:39:35 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://234.adru.net//cgi-bin/banner/510?52490login=echomsk234referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:39:35 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://sj1.ru//cgi-bin/banner/492?777login=echoreferer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:39:36 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://234.adru.net//cgi-bin/banner/2031?215045login=echomsk234-1referer=http://www.echo.msk.ru/blog/video/838893-echo/ On Tue, Dec 13, 2011 at 6:21 PM, Amos Jeffries squ...@treenet.co.nz wrote: On Tue, 13 Dec 2011 16:49:02 -0500, Roman Gelfand wrote: Video streaming on this site http://www.echo.msk.ru/blog/video/838893-echo/ not working. I am not sure if it has anything to do with it, but I am using ssl bump. The squid version is 3.1.16. Squidclamav version is 6.4. c-icap version is 0.1.7 1323811211.100 369 192.168.3.210 TCP_MISS/304 286 GET http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl - DIRECT/96.17.10.72 application/pkix-crl 1323811211.210 102 192.168.3.210 TCP_MISS/304 285 GET http://crl.microsoft.com/pki/crl/products/CSPCA.crl - DIRECT/96.17.10.72 application/pkix-crl 1323811211.334 116 192.168.3.210 TCP_MISS/304 286 GET http://crl.microsoft.com/pki/crl/products/CodeSigPCA.crl - DIRECT/96.17.10.72 application/pkix-crl 1323811211.757 415 192.168.3.210 TCP_MISS/304 235 GET http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20Secure%20Server%20Authority(8).crl - DIRECT/70.37.128.164 application/pkix-crl 1323811211.820 55 192.168.3.210 TCP_MISS/304 235 GET http://mscrl.microsoft.com/pki/mscorp/crl/mswww(5).crl - DIRECT/70.37.128.164 application/pkix-crl 1323811321.159 988 192.168.3.210 TCP_MISS/200 2567 GET http://img2.imgsmail.ru/r/my/app/flash_lc.swf - DIRECT/94.100.187.36 application/x-shockwave-flash Notice how the log contains *no* HTTP errors of any kind. In fact how echo.msk.ru does not occur in it at all. Do you have any more details about the problem? Amos
Re: [squid-users] Video streaming in some cases not working
No, squidguard doesn't seem to be the problem as when I remove squidguard out of the picture the problem is still there. Any ideas. Thanks On Tue, Dec 13, 2011 at 8:48 PM, Roman Gelfand rgelfa...@gmail.com wrote: Actually, I didn't see this at first, but it looks like the issue is with the squidguard. I realize this is not squidguard forum, but if you know a way to solve this I would appreciate it. 2011-12-13 20:38:22 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi-bin/banner/148?21490login=echo_214x92referer=http://www.echo.msk.ru/ 2011-12-13 20:38:23 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi-bin/banner/48?795035login=echo_214x92-1referer=http://www.echo.msk.ru/ 2011-12-13 20:38:27 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://234.adru.net//cgi-bin/banner/926?52490login=echomsk234referer=http://www.echo.msk.ru/ 2011-12-13 20:38:27 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://234.adru.net//cgi-bin/banner/2031?215045login=echomsk234-1referer=http://www.echo.msk.ru/ 2011-12-13 20:38:28 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://sj1.ru//cgi-bin/banner/492?777login=echoreferer=http://www.echo.msk.ru/ 2011-12-13 20:38:31 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi-bin/banner/148?21490login=echo_214x92referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:38:33 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi-bin/banner/48?795035login=echo_214x92-1referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:38:34 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://234.adru.net//cgi-bin/banner/2031?215045login=echomsk234-1referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:38:34 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://234.adru.net//cgi-bin/banner/2109?52490login=echomsk234referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:38:35 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://sj1.ru//cgi-bin/banner/460?777login=echoreferer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:39:14 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi-bin/banner/148?21490login=echo_214x92referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:39:23 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://rb.newsru.com//cgi-bin/banner/148?21490login=echo_214x92referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:39:35 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://234.adru.net//cgi-bin/banner/510?52490login=echomsk234referer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:39:35 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://sj1.ru//cgi-bin/banner/492?777login=echoreferer=http://www.echo.msk.ru/blog/video/838893-echo/ 2011-12-13 20:39:36 [3699] WARN: Possible bypass attempt. Found multiple slashes where only one is expected: http://234.adru.net//cgi-bin/banner/2031?215045login=echomsk234-1referer=http://www.echo.msk.ru/blog/video/838893-echo/ On Tue, Dec 13, 2011 at 6:21 PM, Amos Jeffries squ...@treenet.co.nz wrote: On Tue, 13 Dec 2011 16:49:02 -0500, Roman Gelfand wrote: Video streaming on this site http://www.echo.msk.ru/blog/video/838893-echo/ not working. I am not sure if it has anything to do with it, but I am using ssl bump. The squid version is 3.1.16. Squidclamav version is 6.4. c-icap version is 0.1.7 1323811211.100 369 192.168.3.210 TCP_MISS/304 286 GET http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl - DIRECT/96.17.10.72 application/pkix-crl 1323811211.210 102 192.168.3.210 TCP_MISS/304 285 GET http://crl.microsoft.com/pki/crl/products/CSPCA.crl - DIRECT/96.17.10.72 application/pkix-crl 1323811211.334 116 192.168.3.210 TCP_MISS/304 286 GET http://crl.microsoft.com/pki/crl/products/CodeSigPCA.crl - DIRECT/96.17.10.72 application/pkix-crl 1323811211.757 415 192.168.3.210 TCP_MISS/304 235 GET http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20Secure%20Server%20Authority(8).crl - DIRECT/70.37.128.164 application/pkix-crl 1323811211.820 55 192.168.3.210 TCP_MISS/304 235 GET http://mscrl.microsoft.com/pki/mscorp/crl/mswww(5).crl - DIRECT/70.37.128.164 application/pkix-crl 1323811321.159 988 192.168.3.210 TCP_MISS/200 2567 GET
