Netgate Discussion Forum

Squid Blocking Web Access

pfSense Packages
  • Q
    qwaven
    last edited by May 10, 2012, 11:12 PM

    Hi all,

    I'm a little confused. I've installed the packages Squid and SquidGuard. I had them set up and everything was going just fine for a day or 2.

    Tried Snort. This was giving me all sorts of trouble getting it to start properly. Figured out it's because of the rules I was enabling in it.

    Anyway my problem is now Squid seems to be blocking any traffic after a short while.

    For example I can go to google images, load a random search full of images. Afterwards I won't be able to browse any more. I get the following error in any browser I try.

    
    ERROR
    The requested URL could not be retrieved
    
    While trying to process the request:
    
    GET / HTTP/1.1
    Host: www.google.ca
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Cookie: PREF=ID=f5c0eb04e9745630:U=800c9673e31ef69e:FF=4:LD=en:TM=1335041555:LM=1336690418:S=DbPz64PnnGv-Q_QN; NID=59=A4ngI0eBT9YG1CY-3oq6Yc1xxqMA5Ildu2Py9MCnwQ5P5kX3yzANQxjtok_Llg-Jlu0MMwJZaVyVz-H9AD6qGRZF9s1ciLFxKjZGzqEkyfNsLyoFNR_lhOWNVj4paW8s
    Cache-Control: max-age=0
    
    The following error was encountered:
    
        Invalid Request 
    
    Some aspect of the HTTP Request is invalid. Possible problems:
    
        Missing or unknown request method
        Missing URL
        Missing HTTP Identifier (HTTP/1.0)
        Request is too large
        Content-Length missing for POST or PUT requests
        Illegal character in hostname; underscores are not allowed 
    
    Your cache administrator is cacheman@cache.com.
    Generated Thu, 10 May 2012 23:05:25 GMT by myhostname (squid) 
    
    

    If I disable SquidGuard, doesn't help.
    If I turn off transparent proxy and send my browser straight to the internet (bypass proxy) I can load sites normally again.

    I've already tried:
    -removing snort
    -hitting reinstall for both squid and squidguard
    -Though I have "allow users on interface checked" I've tried adding my network in the "allowed subnets" section. Doesn't help.

    Hoping someone might have some answers for me.

    Thanks! :)

    • M
      marcelloc
      last edited by May 11, 2012, 12:52 AM

      Did you try to access these blocked websites from console using links?

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      • Q
        qwaven
        last edited by May 11, 2012, 1:55 AM

        Thanks for your reply.

        No I have not. I'm not exactly sure how to go about that.

        Thanks!

        • Q
          qwaven
          last edited by May 11, 2012, 2:03 AM

          However I just noticed one thing.

          I tried "upgrading" to Squid 3; no change. Error is slightly different but basically says the same thing.

          Tried disabling the transparent feature and manually pointing my browser to Squid. This works!

          So, why does transparent all of a sudden stop working? It used to work.

          Thanks!

          • M
            marcelloc
            last edited by May 11, 2012, 3:53 AM

            Can you try to reboot? Maybe something left behind by snort.

            As squidguard installs squid2, the install sequence for squid 3 and squidguard is first squidguard then squid3.

            • Q
              qwaven
              last edited by May 11, 2012, 2:29 PM

              I've rebooted many times already. Each time websites will load fine but then shortly after, for example if I load google images, access will stop afterwards.

              I can try rebooting again now that I have squid3 installed. Will let you know once I've been able to reboot.

              Normally is there any issue with having Squid/SquidGuard and Snort installed at the same time?

              Thanks

              • Q
                qwaven
                last edited by May 12, 2012, 2:00 AM

                To update:

                After rebooting I was able to browse a few sites (clicked around the pages in Google) and then upon trying a different site I was denied per the same error.

                Any thoughts? Are there any logs I can pull up? Should I just reinstall the system?

                Thanks!

                • Q
                  qwaven
                  last edited by May 12, 2012, 2:38 AM

                  Update 2:

                  I have uninstalled all Squid software completely and then rebooted.

                  Noticed an error on the console saying it can't find Squid… some file. Could not browse the internet at all! Rebooted again and internet was restored.

                  Installed Squid3 only. Turn transparent back on and my issue reappears. :(

                  I notice that my settings continue to stay even after a full uninstall. Is there a way to reset the config for Squid? I don't have many customizations so it should not take long to configure.

                  Thanks!

                  • M
                    marcelloc
                    last edited by May 13, 2012, 2:19 PM

                    qwaven,

                    If you have a backup file from before the squid install, just restore it to remove the squid conf.

                    If you do not have one, you can try to back up the config, edit the file to remove squid options and then restore.

                    Do this carefully so as not to spoil your pfsense.

                    • Q
                      qwaven
                      last edited by May 14, 2012, 3:45 PM

                      Hi Marcelloc,

                      Thanks for your help.

                      I've since reinstalled the firewall system. Unfortunately I appear to be having the exact same issue. I believe there is some issue with the Squid package or a setting I'm missing within Snort or Squid.

                      Steps I took:

                      -Install pfSense and verify normal network activity works
                      -Install SNORT; setup; and tested loading websites works fine. Service is loaded without issue.
                      -Installed Squid3; setup; started. Turn on transparent mode and the error appears!
                      If I turn off transparent and direct my browser to the firewall ip port 3128 I can surf the internet through the proxy.

                      -I even tried keeping Squid transparent mode off, and manually adding a firewall rule to redirect port 80 to Squid (same as transparent mode) and I get the SAME error.

                      
                      ERROR
                      The requested URL could not be retrieved
                      
                      While trying to retrieve the URL: /
                      
                      The following error was encountered:
                      
                          Invalid URL 
                      
                      Some aspect of the requested URL is incorrect. Possible problems:
                      
                          Missing or incorrect access protocol (should be `http://'' or similar)
                          Missing hostname
                          Illegal double-escape in the URL-Path
                          Illegal character in hostname; underscores are not allowed 
                      
                      Your cache administrator is admin@admin.com. 
                      
                      

                      Any thoughts? No other setup has been done with pfSense; fresh install.

                      Thanks!

                      • M
                        marcelloc
                        last edited by May 15, 2012, 2:15 AM

                        Check if the first lines of squid.conf have the transparent set in front of the listening IP address(es).

                        • Q
                          qwaven
                          last edited by May 15, 2012, 1:20 PM

                          Thanks. You will need to advise how to do that. I am very unfamiliar with how to do this on pfSense. I take it this would be via command line?

                          Please let me know,

                          Cheers!

                          • M
                            marcelloc
                            last edited by May 15, 2012, 3:35 PM

                            You can use at console/ssh/diagnostics-> command prompt : head -20 /usr/local/etc/squid/squid.conf

                            • Q
                              qwaven
                              last edited by May 15, 2012, 11:20 PM

                              Hi,

                              I see the following for my interfaces.

                              
                              http_port 10.10.10.1:3128
                              http_port 127.0.0.1:3128
                              http_port 127.0.0.1:3128 intercept
                              icp_port 7
                              
                              

                              Does that look correct or should my LAN IP also have the intercept?

                              Thanks for your help!

                              • M
                                marcelloc
                                last edited by May 16, 2012, 3:18 AM

                                change this line (using Diagnostics-> edit file) on /usr/local/etc/squid/squid.conf

                                from:
                                http_port 10.10.10.1:3128

                                to:
                                http_port 10.10.10.1:3128 transparent

                                and test transparent access after executing killall -HUP squid on console/ssh/diagnostics-> command prompt

                                • Q
                                  qwaven
                                  last edited by May 17, 2012, 12:57 AM May 17, 2012, 12:50 AM

                                  I was having trouble getting the command to work. Squid would not start at all with transparent keyword.

                                  However if I use intercept

                                  
                                  http_port 10.10.10.1:3128 intercept
                                  
                                  

                                  Squid will start, but I still encounter the same error. :(

                                  NOW, I did some experimenting and found that if I omit the IP Address and just use:

                                  
                                  http_port 3128 intercept
                                  
                                  

                                  This WORKS! at last. Verified on an http header site and I see that "it" sees my proxy details.

                                  Is there any issue with me doing this? Security concerns primarily? All of my internal networks should pass through the proxy anyhow, I just have not configured them yet! :)

                                  Thanks for your help!

                                  Update: Turns out I have one more issue! If I reboot, my configuration reverts back to before I made any changes…. Is there like an "apply" I need to activate? I did the changes via SSH.

                                  • M
                                    marcelloc
                                    last edited by May 17, 2012, 3:09 AM

                                    @qwaven:

                                    Is there any issue with me doing this? Security concerns primarily? All of my internal networks should pass through the proxy anyhow, I just have not configured them yet! :)

                                    You need firewall rules to prevent external access to your squid this way.
                                    I'll check the intercept option on squid3 package

                                    @qwaven:

                                    Update: Turns out I have one more issue! If I reboot, my configuration reverts back to before I made any changes…. Is there like an "apply" I need to activate? I did the changes via SSH.

                                    Config file is built every time you boot or apply settings on squid gui.

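Added example (not part of the original posts and not code from the pfSense Squid package): a shell function that lists every http_port listener in a squid.conf and flags the two cases raised in this thread, a listener without the intercept flag and a bare-port listener that binds every interface and so needs the firewall rules marcelloc mentions. The function names, output columns and note strings are assumptions made for illustration; the sample input reuses the listener lines posted above plus the bare-port variant.

```shell
#!/bin/sh
# Classify each http_port listener in a squid.conf.
# Output per listener: <listen-spec> <scope> <mode> <note>
# On the firewall: audit_http_ports /usr/local/etc/squid/squid.conf

audit_http_ports() {
    # $1 = path to squid.conf; reads stdin when no path is given
    awk '
    $1 == "http_port" {
        spec = $2
        mode = "forward"
        # "intercept" (Squid 3.1 and later) and "transparent" (older name)
        # both mark a listener meant for NAT-redirected traffic.
        for (i = 3; i <= NF; i++)
            if ($i == "intercept" || $i == "transparent") mode = "intercept"

        # A bare port or 0.0.0.0 means Squid listens on every address.
        if (spec !~ /:/ || spec ~ /^0\.0\.0\.0:/)
            scope = "wildcard"
        else if (spec ~ /^127\./ || spec ~ /^\[::1\]/)
            scope = "loopback"
        else
            scope = "bound"

        note = "ok"
        if (scope == "wildcard")
            note = "restrict-with-firewall-rules"
        else if (scope == "bound" && mode == "forward")
            note = "no-intercept-flag"
        print spec, scope, mode, note
    }' "${1:--}"
}

# Constructed sample: listener lines from the thread plus the bare-port line.
sample_conf() {
cat <<'EOF'
http_port 10.10.10.1:3128
http_port 127.0.0.1:3128
http_port 127.0.0.1:3128 intercept
icp_port 7
http_port 3128 intercept
EOF
}

sample_conf | audit_http_ports
```

Because the package rebuilds squid.conf on boot and whenever settings are applied in the GUI, run the check after each of those events rather than only after a manual edit.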
                                    • Q
                                      qwaven
                                      last edited by May 17, 2012, 1:56 PM

                                      Thanks for your help.

                                      If I cannot retain my settings after reboot I'm not sure this will work. :(

                                      Please do let me know what you find via Squid 3 package. Although I had originally started with the default 2.x installed package.

                                      Cheers.

                                      • Q
                                        qwaven
                                        last edited by May 18, 2012, 6:54 PM

                                        Any update?

                                        I've tried using Dansguardian with a firewall rule redirecting port 80 instead of Squid/SquidGuard intercept mode. This seems to work so far. Wondering if I should just stick with D then?

                                        Not really clear on the difference between the two pieces of software.

                                        Thanks for your help.

                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.