Squid random disconnects random webpages
-
Yes, I am using squid along with squidguard for web filtering, and yes, if I stop squid it works fine... With squid I randomly get issues like no DNS resolutions or the SSL_ERROR. I have deleted both DNS servers on my general and overrides on the DNS resolver; I will check how it performs.
-
That's good to know. For URL filtering, I would suggest giving the package pfblockerNG-devel a try. It's very easy to set up, very effective and doesn't require squid. SSL filtering via squid can cause problems, so avoiding it if possible would be best.
-
I did consider pfblocker, but the thing is... I have several subnets with different kinds of web access permissions. Maybe I did not look for the whole information... but... is it possible to set this kind of web access groups?
-
Still having the same issue, lots of pages are failing :(
-
How many users in your environment? You are probably having an issue with a low number of rewrite & SSL child threads. Look into sslcrtd_children and url_rewrite_children which are configured under Services - Squid proxy server - General - Advanced Options - Integrations.
-
Around 500 users at this time. I have SSL Certificate Daemon Children set to 20 and url_rewrite_children 64 startup=32 idle=16 concurrency=0
-
What do you mean? You already had those set, or you just set them now?
-
I had them configured that way already
-
Perhaps not enough?
-
I have increased them. Besides, I am currently using just 1 PC for testing purposes... and I still received the error err_ssl_protocol_error. Any ideas? :(
-
Currently testing with just squid... squidguard is currently disabled, still getting SSL errors
-
@la6er said in Squid random disconnects random webpages:
err_ssl_protocol_error
Post the squid access.log details from the time that the error happens. You may need to increase the default level of logging via the debug_options directive.
-
These are the logs I received when a wp fails:
1542122446.776 0 10.16.20.191 TAG_NONE/409 3938 CONNECT twitter.com:443 - HIER_NONE/- text/html
1542122446.946 11 10.16.20.191 TAG_NONE/200 0 CONNECT 104.244.42.65:443 - HIER_NONE/- -
1542122446.947 0 10.16.20.191 TAG_NONE/409 3938 CONNECT twitter.com:443 - HIER_NONE/- text/html
1542122446.960 9 10.16.20.191 TAG_NONE/200 0 CONNECT 104.244.42.65:443 - HIER_NONE/- - -
Currently the main issue looks to be sites related to Google, but sometimes if I wait just a few minutes without doing anything they work after I refresh.
-
A 409 is a conflict. Strange. I don't have a definitive answer for you but start by Googling 'squid 409 conflict err_ssl_protocol_error'
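The pattern in the log lines posted above (a `CONNECT` by hostname answered with 409, next to a `CONNECT` to a bare IP from the same client) can be tallied per client and hostname to see which sites and machines are affected. This is an added example, not part of the thread; the sample lines are constructed, and the function names and the one-second pairing window are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample in Squid's native access.log format (documentation addresses).
SAMPLE_LOG = """\
1700000000.100 0 192.0.2.10 TAG_NONE/409 3938 CONNECT www.example.com:443 - HIER_NONE/- text/html
1700000000.250 11 192.0.2.10 TAG_NONE/200 0 CONNECT 198.51.100.7:443 - HIER_NONE/- -
1700000000.300 0 192.0.2.10 TAG_NONE/409 3938 CONNECT www.example.com:443 - HIER_NONE/- text/html
1700000003.900 35 192.0.2.11 TCP_TUNNEL/200 5120 CONNECT mail.example.org:443 - HIER_DIRECT/203.0.113.5 -
garbage line
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it does not parse."""
    f = line.split()
    if len(f) < 7 or "/" not in f[3]:
        return None
    tag, _, status = f[3].rpartition("/")
    try:
        return {"ts": float(f[0]), "client": f[2], "tag": tag,
                "status": int(status), "method": f[5], "url": f[6]}
    except ValueError:
        return None

def split_target(url):
    """Split a CONNECT target 'host:port' into (host, host_is_ip_literal)."""
    host, _, _port = url.rpartition(":")
    host = (host or url).strip("[]")  # no port given, or bracketed IPv6
    try:
        ipaddress.ip_address(host)
        return host, True
    except ValueError:
        return host, False

def conflicts(log_text, window=1.0):
    """Count CONNECT/409 per (client, hostname) and collect the bare-IP CONNECT
    targets the same client used within `window` seconds of each conflict."""
    rows = [e for e in map(parse_line, log_text.splitlines()) if e]
    rows = [(e, *split_target(e["url"])) for e in rows if e["method"] == "CONNECT"]
    counts, nearby = Counter(), {}
    for e, host, is_ip in rows:
        if e["status"] != 409 or is_ip:
            continue
        key = (e["client"], host)
        counts[key] += 1
        nearby.setdefault(key, set()).update(
            h for o, h, o_ip in rows
            if o_ip and o["client"] == e["client"] and abs(o["ts"] - e["ts"]) <= window)
    return counts, nearby
```

Squid answers an intercepted request with 409 when its own DNS lookup of the requested name does not include the IP the client connected to, so the next check is to compare the collected IPs with what the proxy's resolver returns for the same hostname.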
-
I have. I disabled 2 different things on my browsers, and so far it looks stable, but it means I have to do that on over 1000 PCs
-
Does the problem occur when the proxy is running in explicit mode? I've always hated transparent mode for the issues it has always caused me. Explicit + WPAD has worked for me for years now.
-
I indeed have it configured using transparent mode. Every time I tried using WPAD it does not let me download the files on the browser, so I assumed it is not working properly in that way
-
The wpad.dat and proxy.pac files must reside on an HTTP server, not HTTPS. They must have correct contents. Clients on your network must be able to resolve wpad.your.domain.
-
What if my computer does not have any domain? I have set the files on another pfsense solution with the following script:
function FindProxyForURL(url, host)
{
    return "PROXY 10.30.251.61:3128";
}
They are located on usr/local/www/, but if I set autodetect proxy it does not work. If I set manually http://10.30.251.59/proxy.pac (which is the IP of my HTTP pfsense) on my browser it does not work; however, if I set manually the proxy conf on the browser it works perfectly. I have set a host override on my DNS resolver, and I am also using static IPs on my clients