Netgate Discussion Forum

    Squid blocking http://pix.defcon5.biz/

    Cache/Proxy
      Downloadski

      I have the following packages installed:

      squid3 0.3.9.2
      snort 3.2.8.2
      service watchdog 1.7.1
      sarg 0.6.6

      In general it seems to work fine.

      One thing I cannot figure out is the following:

      I cannot access: http://pix.defcon5.biz/  anymore.

      I get an image like this in a browser:

      In forum links to images hosted on defcon5 I see missing-image icons.

      Also, I get the following log line in the squid logs:

      [2.2.4-RELEASE][admin@pfSense.localdomain]/var/squid/logs: tail access.log
      1446092394.297    57 192.168.3.10 TCP_MISS/403 4657 GET http://pix.defcon5.biz/ - ORIGINAL_DST/77.232.72.204 text/html

      If I stop squid, it works again; when I start it, access stops working. So it seems the squid package blocks this for me.

      Can anyone explain what is happening and how I could fix it? (I assume I specifically need to allow this host, but I do not understand why.)

      I found this: http://wiki.squid-cache.org/SquidFaq/SquidLogs#Squid_result_codes
      So it is:

      TCP    Requests on the HTTP port (usually 3128).
      MISS  The response object delivered was the network response object
      403    Forbidden 1945, 2616, 4918

      I still do not understand why it would be forbidden (my employer's firewall blocks this image host as well).

        KOM

        The site might be detecting that you're behind a proxy and behave differently.  In the proxy server config, what do you have for X-Forward mode, and Disable VIA?

          Downloadski

          @KOM:

          The site might be detecting that you're behind a proxy and behave differently.  In the proxy server config, what do you have for X-Forward mode, and Disable VIA?

          X-Forwarded Header mode is on.
          Disable VIA Header is not selected.

          The Disable VIA Header setting solved it, thanks!

            KOM

            X-Forwarded Header mode is on

            Set it to Delete instead.

            Glad to hear you got it working.

              Downloadski

              I think all these settings were default; I cannot imagine I changed any of them, as I have no clue what they do.

                KOM

                Yes, they are the defaults but they can cause problems in certain situations, as you now know.  You almost always want to disable anything that tips off the outside world that you're using a proxy.

                  Downloadski

                  This link explains it for me, so perhaps useful for others.

                  https://community.mcafee.com/docs/DOC-4816

                  Thanks for the help once more.

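
Added example (not part of any post in this thread, and not pfSense or Squid project code): a small parser for Squid's native access.log format that separates a 403 Squid generated itself (TCP_DENIED) from a 403 relayed from the origin server, which is the case in the log line quoted in the first post. The sample lines other than that one are constructed, and the classification is a heuristic based on the result and hierarchy codes.

```python
import re

# First line is the one quoted in the thread; the other two are constructed.
SAMPLE_LOG = """\
1446092394.297     57 192.168.3.10 TCP_MISS/403 4657 GET http://pix.defcon5.biz/ - ORIGINAL_DST/77.232.72.204 text/html
1446092401.112      0 192.168.3.10 TCP_DENIED/403 3912 GET http://blocked.example/ - HIER_NONE/- text/html
1446092410.530    120 192.168.3.10 TCP_MISS/200 10240 GET http://www.example.org/ - ORIGINAL_DST/203.0.113.10 text/html
"""

# Native format: time elapsed client result/status bytes method URL user hier/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)\s*$"
)

def parse_line(line):
    """Return the fields of one access.log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Say who produced an error status: Squid itself or the origin server."""
    if int(entry["status"]) < 400:
        return "ok"
    # TCP_DENIED: Squid refused the request (ACL); nothing was forwarded.
    if "DENIED" in entry["result"]:
        return "denied-by-proxy"
    # HIER_NONE: no upstream contact, so the reply came from cache or Squid.
    if entry["hier"] == "HIER_NONE":
        return "answered-by-proxy"
    # A hierarchy code with a peer address: the request went upstream and
    # the error status is the origin's own answer to the proxied request.
    return "error-from-origin"

def origin_errors(log_text):
    """List (url, peer, status) for errors that came back from the origin."""
    out = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and classify(entry) == "error-from-origin":
            out.append((entry["url"], entry["peer"], int(entry["status"])))
    return out

if __name__ == "__main__":
    for url, peer, status in origin_errors(SAMPLE_LOG):
        print(f"{status} returned by origin {peer} for {url}")
```

An "error-from-origin" 403 that disappears when Squid is stopped points at something the proxy adds to the request, such as the Via or X-Forwarded-For headers discussed in the thread, rather than at a Squid ACL.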