Squid blocking http://pix.defcon5.biz/



  • I have the following packages installed:

    squid3 0.3.9.2
    snort 3.2.8.2
    service watchdog 1.7.1
    sarg 0.6.6

    In general it seems to work fine.

    One of the things I cannot find out why it is doing is:

    I cannot access: http://pix.defcon5.biz/  anymore.

    I get an image like this in a browser:

    In forum links to images hosted on defcon5 I see missing image icons.

    Also i get the following log line in the squid logs

    [2.2.4-RELEASE][admin@pfSense.localdomain]/var/squid/logs: tail access.log
    1446092394.297    57 192.168.3.10 TCP_MISS/403 4657 GET http://pix.defcon5.biz/ - ORIGINAL_DST/77.232.72.204 text/html

    If I stop squid, it works again; when I start it, access stops working. So it seems the squid package blocks this for me.

    Can anyone explain what is happening and how I could fix it? (I assume I specifically need to allow this host, it seems, but I do not understand why.)

    I found this: http://wiki.squid-cache.org/SquidFaq/SquidLogs#Squid_result_codes
    So it is:

    TCP    Requests on the HTTP port (usually 3128).
    MISS  The response object delivered was the network response object
    403    Forbidden 1945, 2616, 4918

    I still do not understand why it would be forbidden (my employer's firewall blocks this image host as well).



  • The site might be detecting that you're behind a proxy and behaving differently. In the proxy server config, what do you have for X-Forward mode, and Disable VIA?



  • @KOM:

    The site might be detecting that you're behind a proxy and behaving differently. In the proxy server config, what do you have for X-Forward mode, and Disable VIA?

    X-Forward Header mode is on.
    Disable VIA Header is not selected.

    The Disable VIA Header option solved it, thanks!!



  • X-Forward Header mode is on.

    Set it to Delete instead.

    Glad to hear you got it working.



  • I think all these settings were default; I cannot imagine I changed any of them, as I have no clue what they do.



  • Yes, they are the defaults but they can cause problems in certain situations, as you now know.  You almost always want to disable anything that tips off the outside world that you're using a proxy.



  • This link explains it for me, so perhaps it is useful for others.

    https://community.mcafee.com/docs/DOC-4816

    Thanks for the help once more.
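

Added example (not part of any post in this thread): a small parser for Squid's native access.log format that separates 403s Squid generates itself, which it logs with a TCP_DENIED result code, from 403s returned by the origin server through the proxy, which is what the TCP_MISS/403 ... ORIGINAL_DST line in the first post shows. The second and third sample lines, the host names in them and the verdict labels are constructed for illustration.

```python
import re
from collections import Counter

# Sample in Squid's native access.log format. The first line is the one quoted
# in the thread; the other two are constructed for contrast.
SAMPLE_LOG = """\
1446092394.297     57 192.168.3.10 TCP_MISS/403 4657 GET http://pix.defcon5.biz/ - ORIGINAL_DST/77.232.72.204 text/html
1446092401.120      0 192.168.3.10 TCP_DENIED/403 3912 GET http://blocked.example/ - HIER_NONE/- text/html
1446092410.555    102 192.168.3.10 TCP_MISS/200 15320 GET http://www.example.org/ - ORIGINAL_DST/192.0.2.10 text/html
"""

# time elapsed client result/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

def classify(line):
    """Parse one log line and say who produced a 403; None if unparsable."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    if entry["status"] != "403":
        entry["verdict"] = "not-403"
    elif "DENIED" in entry["result"]:
        # Squid refused the request itself (ACL); nothing was forwarded.
        entry["verdict"] = "denied-by-proxy"
    elif entry["peer"] != "-":
        # The request was forwarded to a server, and the 403 came back from it.
        entry["verdict"] = "refused-by-origin"
    else:
        entry["verdict"] = "unknown"
    return entry

def summarize(log_text):
    """Count (verdict, URL) pairs over a block of access.log text."""
    entries = (classify(l) for l in log_text.splitlines() if l.strip())
    return Counter((e["verdict"], e["url"]) for e in entries if e)

if __name__ == "__main__":
    for (verdict, url), count in summarize(SAMPLE_LOG).items():
        print(f"{verdict:18} {count:3} {url}")
```

A "refused-by-origin" verdict points at the remote site's reaction to the request, such as the proxy-revealing headers discussed above, rather than at a Squid ACL.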

