Squid random disconnects random webpages
-
around 500 users at this time, I have SSL Certificate Deamon Children set to 20 and url_rewrite_children 64 startup=32 idle=16 concurrency=0
-
What do you mean? You already had those set, or you just set them now?
-
I had them configured that way already
-
Perhaps not enough?
-
I have increeased besides I am currently using just 1 pc for testing purposes... and I still received error err_ssl_protocol_error, any ideas? :(
-
currently testing with just squid... squidguard is currently disabled, still getting SSL errors
-
@la6er said in Squid random disconnects random webpages:
err_ssl_protocol_error
Post the squid access.log details from the time that the error happens. You may need to increase the default level of logging via the debug_options directive.
-
this are the logs I received when a wp fails
1542122446.776 0 10.16.20.191 TAG_NONE/409 3938 CONNECT twitter.com:443 - HIER_NONE/- text/html
1542122446.946 11 10.16.20.191 TAG_NONE/200 0 CONNECT 104.244.42.65:443 - HIER_NONE/- -
1542122446.947 0 10.16.20.191 TAG_NONE/409 3938 CONNECT twitter.com:443 - HIER_NONE/- text/html
1542122446.960 9 10.16.20.191 TAG_NONE/200 0 CONNECT 104.244.42.65:443 - HIER_NONE/- - -
currently the main issue looks to be sites related to google, but sometimes if I wait just a few minutes without doing anything they work after I refresh
-
A 409 is a conflict. Strange. I don't have a definitive answer for you but start by Googling 'squid 409 conflict err_ssl_protocol_error'
-
I have, I disabled 2 different things on my browsers, and so far looks stable, but it means I have to do that on over a 1000 pcs
-
Does the problem occur when the proxy is running in explicit mode? I've always hated transparent mode for the issues it has always caused me. Explicit + WPAD has worked for me for years now.
-
I indeed have it configured using transparent mode, everytime I tried using WPAD it does not let me download the files on the browser so I asummed it is not working properly in that way
-
The wpad.dat and proxy.pac files must reside on an HTTP server, not HTTPS. They must have correct contents. Clients on your network must be able to resolve wpad.your.domain.
-
what if my computer does not have any domain? I have set the files on another pfsense solution with the following script
function FindProxyForURL(url,host)
{
return "PROXY 10.30.251.61:3128";
}they are located on usr/local/www/ but if I set autodetect proxy it does not work, if I set manually http://10.30.251.59/proxy.pac (which is the ip of my http pfsense) on my browser it does not work, however if i set manually the proxy conf on the browser it works perfectly, I have set a host override on my dns resolver, and I am also using static ips on my clients
-
WPAD relies on DNS having an entry for wpad on the default domain. I believe you can use a workgroup in place of a domain if you're using Windows clients. I haven't tried it but if you truly have no domain nor workgroup, you could still create an A record for wpad on your DNS and point it to pfSense LAN IP.
-
lets asume that is working properly.... my browser behavior will be... ask for the file, go to 10.30.251.59/proxy.pac and then overwrite it's own configuration with the proxy info I have set, correct? in this case 10.30.251.61:3128... in order to test if this is working I need to go to http://10.30.251.59/proxy.pac on my browser and a file should start downloading, correct? if that is the case I am not able to acomplish it, for some reason I am no able to download the file
-
Yes to all. What error do you get when you try to download the wpad file?
-
this is the error
-
I have static IPs on my clients...
is this script correct?
function FindProxyForURL(url,host)
{
return "PROXY 10.30.251.61:3128";
}
