Link to home
Start Free TrialLog in
Avatar of Synergy_IS
Synergy_IS

asked on

How to bypass Squid with Domain Name?

Hello all; I am looking for some assistance I have found several answers to my questions but none of the solutions seem to work.  I am guessing what I am trying to do has something to do with ACL's within the squid.conf but that doesn't seem to be working.

Here is my situation I have a Fedora Core release 5 (Bordeaux) running Squid (squid-2.5.STABLE14-2.FC5) and Dan's Guardian (dansguardian-2.8.0.6-1.fc4) the system works perfectly and authenticates to our active directory server.  But we have a certain site that is a Microsoft SharePoint site that is hosted by an external vendor that we are having issues accessing.  Now I know the issue is not related to Dan’s Guardian or the site itself because I can access it if I don’t use this proxy server at all.  I would like to somehow configure my proxy server to completely bypass all checks and allow all requests to thisdomain.com to go straight through without any verification by squid or anything else on the proxy server.  

The example domain is thisdomain.com I set the following in the squid.conf but it still has the same issues.

acl BYPASS dstdomain .domainname.com
no_cache deny BYPASS

Any other suggestions?
ASKER CERTIFIED SOLUTION
Avatar of mymymac
mymymac
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Synergy_IS
Synergy_IS

ASKER

Ok excellent idea about putting "http_access allow all" at the top of the access list to test.  

I tried your suggestion and the issue I am having still occurs; it just sits in a constant state of the page loading, the bar at the bottom sits there and the it seems like the page is going to load but never does Internet Explorer just sits there.  

Would you have any other suggestions on what it might be?  
Avatar of mymymac
mymymac
currently i dont know what is happening so i am going to advise you to check the log.

1. set "debug_options ALL,2" in squid.conf and also make sure that "http_access allow all" is still in the top of the ACLs
2. if possible, make sure that you are the only 1 that is using squid because there will be a lot of text poping out of the screen in the next step.
3. in the command line, type "tail -f /var/log/squid/cache.log"
4. access the website that is having problem

there should be relative error message that pops up saying why. if not, you can adjust the value in step 1, add 1 at a time so that the message does not get to hard core. try posting here the error message.

by the way, what is the full URL of the website? (just want to make sure that what services you are accessing on the sharepoint server.)
Avatar of Synergy_IS
Synergy_IS

ASKER

Ok thanks for additional information here is the result of the command you suggested; and I left the command "http_access allow all" in the squid.conf.  This is the result for debug 2 and 3, if you think you will need more information past that please let me know.

::debug_options ALL,2
2006/12/04 09:19:04| The request GET http://sps.ramrads.pdspc.com/default.aspx is ALLOWED, because it matched 'all'
2006/12/04 09:19:04| The reply for GET http://sps.ramrads.pdspc.com/default.aspx is ALLOWED, because it matched 'all'
2006/12/04 09:19:04| fwdServerClosed: FD 14 http://sps.ramrads.pdspc.com/default.aspx

::debug_options ALL,3
2006/12/04 09:24:48| storeClientCopy: E6E84D371A52399CD1AAE26DE56D4975, seen 4405, want 4405, size 4096, cb 0x5d57a7, cbdata 0x8f527c8
2006/12/04 09:24:48| cbdataLock: 0x8f53250
2006/12/04 09:24:48| storeClientCopy2: E6E84D371A52399CD1AAE26DE56D4975
2006/12/04 09:24:48| storeClientCopy3: Waiting for more
2006/12/04 09:24:48| cbdataUnlock: 0x8f53250
2006/12/04 09:24:48| cbdataUnlock: 0x8f527c8
2006/12/04 09:24:48| fwdComplete: http://sps.ramrads.pdspc.com/default.aspx
        status 401
2006/12/04 09:24:48| fwdReforward: http://sps.ramrads.pdspc.com/default.aspx?
2006/12/04 09:24:48| fwdReforward: No, ENTRY_FWD_HDR_WAIT isn't set
2006/12/04 09:24:48| fwdComplete: not re-forwarding status 401
2006/12/04 09:24:48| storeComplete: 'E6E84D371A52399CD1AAE26DE56D4975'
2006/12/04 09:24:48| storeEntryValidLength: Checking 'E6E84D371A52399CD1AAE26DE56D4975'
2006/12/04 09:24:48| InvokeHandlers: E6E84D371A52399CD1AAE26DE56D4975
2006/12/04 09:24:48| InvokeHandlers: checking client #0
2006/12/04 09:24:48| cbdataLock: 0x8f53250
2006/12/04 09:24:48| storeClientCopy2: E6E84D371A52399CD1AAE26DE56D4975
2006/12/04 09:24:48| cbdataValid: 0x8f527c8
2006/12/04 09:24:48| cbdataValid: 0x8ea2a40
2006/12/04 09:24:48| connStateFree: FD 11
2006/12/04 09:24:48| httpRequestFree: http://sps.ramrads.pdspc.com/default.aspx
2006/12/04 09:24:48| storeUnregister: called for 'E6E84D371A52399CD1AAE26DE56D4975'
2006/12/04 09:24:48| cbdataUnlock: 0x8f527c8
2006/12/04 09:24:48| cbdataFree: 0x8f53250
2006/12/04 09:24:48| cbdataFree: 0x8f53250 has 1 locks, not freeing
2006/12/04 09:24:48| storePendingNClients: returning 0
2006/12/04 09:24:48| storeUnlockObject: key 'E6E84D371A52399CD1AAE26DE56D4975' count=2
2006/12/04 09:24:48| cbdataFree: 0x8f527c8
2006/12/04 09:24:48| cbdataFree: Freeing 0x8f527c8
2006/12/04 09:24:48| cbdataFree: 0x8ea2a40
2006/12/04 09:24:48| cbdataFree: 0x8ea2a40 has 1 locks, not freeing
2006/12/04 09:24:48| cbdataUnlock: 0x8ea2a40
2006/12/04 09:24:48| cbdataUnlock: Freeing 0x8ea2a40
2006/12/04 09:24:48| fd_close FD 11 http://sps.ramrads.pdspc.com/default.aspx
2006/12/04 09:24:48| cbdataUnlock: 0x8f53250
2006/12/04 09:24:48| cbdataUnlock: Freeing 0x8f53250
2006/12/04 09:24:48| cbdataValid: 0x8f54a30
2006/12/04 09:24:48| storeUnlockObject: key 'E6E84D371A52399CD1AAE26DE56D4975' count=1
2006/12/04 09:24:48| cbdataFree: 0x8f54a30
2006/12/04 09:24:48| cbdataFree: 0x8f54a30 has 1 locks, not freeing
2006/12/04 09:24:48| cbdataUnlock: 0x8f54a30
2006/12/04 09:24:48| cbdataUnlock: Freeing 0x8f54a30
2006/12/04 09:24:48| cbdataValid: 0x8f542b0
2006/12/04 09:24:48| fwdServerClosed: FD 14 http://sps.ramrads.pdspc.com/default.aspx
2006/12/04 09:24:48| fwdStateFree: 0x8f542b0
2006/12/04 09:24:48| storePendingNClients: returning 0
2006/12/04 09:24:48| storeUnlockObject: key 'E6E84D371A52399CD1AAE26DE56D4975' count=0
2006/12/04 09:24:48| storePendingNClients: returning 0
2006/12/04 09:24:48| storeRelease: Releasing: 'E6E84D371A52399CD1AAE26DE56D4975'
2006/12/04 09:24:48| destroy_StoreEntry: destroying 0x8f530b0
2006/12/04 09:24:48| ctx: enter level  0: 'http://sps.ramrads.pdspc.com/default.aspx'
2006/12/04 09:24:48| destroy_MemObject: destroying 0x8f530e8
2006/12/04 09:24:48| ctx: exit level  0
2006/12/04 09:24:48| cbdataFree: 0x8f542b0
2006/12/04 09:24:48| cbdataFree: 0x8f542b0 has 1 locks, not freeing
2006/12/04 09:24:48| cbdataUnlock: 0x8f542b0
2006/12/04 09:24:48| cbdataUnlock: Freeing 0x8f542b0
2006/12/04 09:24:48| fd_close FD 14 http://sps.ramrads.pdspc.com/default.aspx
2006/12/04 09:24:49| storeMaintainSwapSpace: f=0.000000, max_scan=100, max_remove=10
2006/12/04 09:24:49| cbdataFree: 0x8ea26b8
2006/12/04 09:24:49| cbdataFree: Freeing 0x8ea26b8
2006/12/04 09:24:49| storeUfsDirMaintain: /var/spool/squid removed 0/10 f=0.000 max_scan=100
2006/12/04 09:24:51| storeMaintainSwapSpace: f=0.000000, max_scan=100, max_remove=10
2006/12/04 09:24:51| cbdataFree: 0x8ea26b8
2006/12/04 09:24:51| cbdataFree: Freeing 0x8ea26b8
2006/12/04 09:24:51| storeUfsDirMaintain: /var/spool/squid removed 0/10 f=0.000 max_scan=100
2006/12/04 09:24:52| statHistCopy: Dest=0x77c4e8, Orig=0x790f08
2006/12/04 09:24:52| statHistCopy: capacity 300 300
2006/12/04 09:24:52| statHistCopy: min 0.000000 0.000000
2006/12/04 09:24:52| statHistCopy: max 10800000.000000 10800000.000000
2006/12/04 09:24:52| statHistCopy: scale 18.524171 18.524171
2006/12/04 09:24:52| statHistCopy: copying 1200 bytes to 0x8dd4528 from 0x8e96870
2006/12/04 09:24:52| statHistCopy: Dest=0x77c448, Orig=0x790e68
2006/12/04 09:24:52| statHistCopy: capacity 300 300
2006/12/04 09:24:52| statHistCopy: min 0.000000 0.000000
2006/12/04 09:24:52| statHistCopy: max 10800000.000000 10800000.000000
2006/12/04 09:24:52| statHistCopy: scale 18.524171 18.524171
2006/12/04 09:24:52| statHistCopy: copying 1200 bytes to 0x8dd49e0 from 0x8e96d28

Now after entering the login information the loading bar still loads, the page is empty and the site never loads.

The full site is http://sps.ramrads.pdspc.com 

Also I have done more research and have read that it might have something to do with the following (since this site is using NTLM authentication and I am using NTLM authentication are they just conflicting with each other?)
http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14
http://support.microsoft.com/kb/q198116/

If this is the case do you have any recommendations on how I can just completely bypass everything for certain urls?
Avatar of mymymac
mymymac
hmm... i have been google around and found out this :

http://www.squid-cache.org/mail-archive/squid-users/200411/0021.html

it seems like it is a ACL problem. remove (probably you can cut it and paste it to another file) any ACLs and HTTP_* in the squid.conf. if possible, please paste your squid.conf without the comments.
Avatar of Synergy_IS
Synergy_IS

ASKER

I have worked out a solution by adding the site to the browser to bypass the proxy, and then added a rule to the firewall to allow the site out I really can't spend anymore time troubleshooting this issue.

I appreciate all your help and due to the fact your first answer is what I was looking for I accepted that, thanks for your time mymymac.