
How to bypass Squid with Domain Name?

Posted on 2006-12-01
Last Modified: 2013-12-06
Hello all; I am looking for some assistance. I have found several answers to my questions, but none of the solutions seem to work. I am guessing what I am trying to do has something to do with ACLs within the squid.conf, but that doesn't seem to be working.

Here is my situation: I have a Fedora Core release 5 (Bordeaux) system running Squid (squid-2.5.STABLE14-2.FC5) and DansGuardian (dansguardian-2.8.0.6-1.fc4). The system works perfectly and authenticates to our Active Directory server. But we have a certain site, a Microsoft SharePoint site hosted by an external vendor, that we are having issues accessing. Now I know the issue is not related to DansGuardian or the site itself, because I can access it if I don't use this proxy server at all. I would like to somehow configure my proxy server to completely bypass all checks and allow all requests to thisdomain.com to go straight through without any verification by Squid or anything else on the proxy server.

The example domain is thisdomain.com. I set the following in the squid.conf, but it still has the same issues.

acl BYPASS dstdomain .domainname.com
no_cache deny BYPASS

Any other suggestions?
Question by:Synergy_IS

Accepted Solution

by: mymymac (earned 500 total points)
ID: 18059115
I would suggest you try:

acl bypass_these_url url_regex -i "/etc/squid/URLs_to_bypass"

then

http_access allow bypass_these_url

at the top of the http_access list. The above two lines will cause Squid to allow any URL (e.g. google.com.my, yahoo.com, without the www and http) that is listed in the file /etc/squid/URLs_to_bypass.

But if I were you, I would put an "http_access allow all" at the top of the http_access list to test whether it is really an ACL problem.
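
An added example (not part of the original answer, and not Squid's own code): a small Python model of Squid's first-match http_access evaluation, showing how far an allow rule placed at the top of the list reaches when it is written as a url_regex entry, as a dstdomain entry, or as the "http_access allow all" test rule. The hostnames and the authenticated-users baseline are constructed for illustration, and Squid's 407 challenge is modelled as a plain non-match.

```python
import re
from urllib.parse import urlsplit

def dstdomain(pattern):
    """Squid dstdomain: a leading dot matches the domain and its subdomains."""
    p = pattern.lower()
    def match(req):
        host = (urlsplit(req["url"]).hostname or "").lower()
        return host == p.lstrip(".") or (p.startswith(".") and host.endswith(p))
    return match

def url_regex(pattern, ignore_case=False):
    """Squid url_regex: unanchored regex search over the whole URL string."""
    rx = re.compile(pattern, re.I if ignore_case else 0)
    return lambda req: rx.search(req["url"]) is not None

def authenticated(req):
    # Stand-in for a proxy_auth ACL; the 407 challenge is modelled as "no match".
    return req.get("user") is not None

def match_all(req):
    return True

def http_access(rules, req):
    """First rule whose ACLs all match decides; otherwise invert the last rule."""
    for action, acls in rules:
        if all(acl(req) for acl in acls):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed baseline: authenticated users only, everything else denied.
BASE = [("allow", [authenticated]), ("deny", [match_all])]
POLICIES = {
    "url_regex": [("allow", [url_regex("thisdomain.com", ignore_case=True)])] + BASE,
    "dstdomain": [("allow", [dstdomain(".thisdomain.com")])] + BASE,
    "allow_all": [("allow", [match_all])] + BASE,
}
# Constructed requests, all without proxy credentials.
REQUESTS = {
    "intended": {"url": "http://sps.thisdomain.com/default.aspx"},
    "string_in_query": {"url": "http://other.example/page?ref=thisdomain.com"},
    "unrelated": {"url": "http://other.example/"},
}

def decisions():
    """Decision of every policy for every sample request."""
    return {p: {r: http_access(rules, req) for r, req in REQUESTS.items()}
            for p, rules in POLICIES.items()}

if __name__ == "__main__":
    for policy, result in decisions().items():
        print(policy, result)
```

In this model the dstdomain rule limits the unauthenticated exception to the destination host, the url_regex rule also admits any URL that merely contains the string, and the allow-all test rule admits everything until it is removed again.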

Author Comment

by:Synergy_IS
ID: 18068697
OK, excellent idea about putting "http_access allow all" at the top of the access list to test.

I tried your suggestion and the issue I am having still occurs; it just sits in a constant state of the page loading. The bar at the bottom sits there and it seems like the page is going to load, but it never does. Internet Explorer just sits there.

Would you have any other suggestions on what it might be?

Expert Comment

by:mymymac
ID: 18068997
Currently I don't know what is happening, so I am going to advise you to check the log.

1. Set "debug_options ALL,2" in squid.conf and also make sure that "http_access allow all" is still at the top of the ACLs.
2. If possible, make sure that you are the only one using Squid, because there will be a lot of text popping out on the screen in the next step.
3. On the command line, type "tail -f /var/log/squid/cache.log".
4. Access the website that is having the problem.

There should be a related error message that pops up saying why. If not, you can adjust the value in step 1; add 1 at a time so that the messages do not get too hard core. Try posting the error message here.

By the way, what is the full URL of the website? (I just want to make sure what services you are accessing on the SharePoint server.)

Author Comment

by:Synergy_IS
ID: 18069136
OK, thanks for the additional information. Here is the result of the command you suggested; I left the command "http_access allow all" in the squid.conf. This is the result for debug 2 and 3. If you think you will need more information past that, please let me know.

::debug_options ALL,2
2006/12/04 09:19:04| The request GET http://sps.ramrads.pdspc.com/default.aspx is ALLOWED, because it matched 'all'
2006/12/04 09:19:04| The reply for GET http://sps.ramrads.pdspc.com/default.aspx is ALLOWED, because it matched 'all'
2006/12/04 09:19:04| fwdServerClosed: FD 14 http://sps.ramrads.pdspc.com/default.aspx

::debug_options ALL,3
2006/12/04 09:24:48| storeClientCopy: E6E84D371A52399CD1AAE26DE56D4975, seen 4405, want 4405, size 4096, cb 0x5d57a7, cbdata 0x8f527c8
2006/12/04 09:24:48| cbdataLock: 0x8f53250
2006/12/04 09:24:48| storeClientCopy2: E6E84D371A52399CD1AAE26DE56D4975
2006/12/04 09:24:48| storeClientCopy3: Waiting for more
2006/12/04 09:24:48| cbdataUnlock: 0x8f53250
2006/12/04 09:24:48| cbdataUnlock: 0x8f527c8
2006/12/04 09:24:48| fwdComplete: http://sps.ramrads.pdspc.com/default.aspx
        status 401
2006/12/04 09:24:48| fwdReforward: http://sps.ramrads.pdspc.com/default.aspx?
2006/12/04 09:24:48| fwdReforward: No, ENTRY_FWD_HDR_WAIT isn't set
2006/12/04 09:24:48| fwdComplete: not re-forwarding status 401
2006/12/04 09:24:48| storeComplete: 'E6E84D371A52399CD1AAE26DE56D4975'
2006/12/04 09:24:48| storeEntryValidLength: Checking 'E6E84D371A52399CD1AAE26DE56D4975'
2006/12/04 09:24:48| InvokeHandlers: E6E84D371A52399CD1AAE26DE56D4975
2006/12/04 09:24:48| InvokeHandlers: checking client #0
2006/12/04 09:24:48| cbdataLock: 0x8f53250
2006/12/04 09:24:48| storeClientCopy2: E6E84D371A52399CD1AAE26DE56D4975
2006/12/04 09:24:48| cbdataValid: 0x8f527c8
2006/12/04 09:24:48| cbdataValid: 0x8ea2a40
2006/12/04 09:24:48| connStateFree: FD 11
2006/12/04 09:24:48| httpRequestFree: http://sps.ramrads.pdspc.com/default.aspx
2006/12/04 09:24:48| storeUnregister: called for 'E6E84D371A52399CD1AAE26DE56D4975'
2006/12/04 09:24:48| cbdataUnlock: 0x8f527c8
2006/12/04 09:24:48| cbdataFree: 0x8f53250
2006/12/04 09:24:48| cbdataFree: 0x8f53250 has 1 locks, not freeing
2006/12/04 09:24:48| storePendingNClients: returning 0
2006/12/04 09:24:48| storeUnlockObject: key 'E6E84D371A52399CD1AAE26DE56D4975' count=2
2006/12/04 09:24:48| cbdataFree: 0x8f527c8
2006/12/04 09:24:48| cbdataFree: Freeing 0x8f527c8
2006/12/04 09:24:48| cbdataFree: 0x8ea2a40
2006/12/04 09:24:48| cbdataFree: 0x8ea2a40 has 1 locks, not freeing
2006/12/04 09:24:48| cbdataUnlock: 0x8ea2a40
2006/12/04 09:24:48| cbdataUnlock: Freeing 0x8ea2a40
2006/12/04 09:24:48| fd_close FD 11 http://sps.ramrads.pdspc.com/default.aspx
2006/12/04 09:24:48| cbdataUnlock: 0x8f53250
2006/12/04 09:24:48| cbdataUnlock: Freeing 0x8f53250
2006/12/04 09:24:48| cbdataValid: 0x8f54a30
2006/12/04 09:24:48| storeUnlockObject: key 'E6E84D371A52399CD1AAE26DE56D4975' count=1
2006/12/04 09:24:48| cbdataFree: 0x8f54a30
2006/12/04 09:24:48| cbdataFree: 0x8f54a30 has 1 locks, not freeing
2006/12/04 09:24:48| cbdataUnlock: 0x8f54a30
2006/12/04 09:24:48| cbdataUnlock: Freeing 0x8f54a30
2006/12/04 09:24:48| cbdataValid: 0x8f542b0
2006/12/04 09:24:48| fwdServerClosed: FD 14 http://sps.ramrads.pdspc.com/default.aspx
2006/12/04 09:24:48| fwdStateFree: 0x8f542b0
2006/12/04 09:24:48| storePendingNClients: returning 0
2006/12/04 09:24:48| storeUnlockObject: key 'E6E84D371A52399CD1AAE26DE56D4975' count=0
2006/12/04 09:24:48| storePendingNClients: returning 0
2006/12/04 09:24:48| storeRelease: Releasing: 'E6E84D371A52399CD1AAE26DE56D4975'
2006/12/04 09:24:48| destroy_StoreEntry: destroying 0x8f530b0
2006/12/04 09:24:48| ctx: enter level  0: 'http://sps.ramrads.pdspc.com/default.aspx'
2006/12/04 09:24:48| destroy_MemObject: destroying 0x8f530e8
2006/12/04 09:24:48| ctx: exit level  0
2006/12/04 09:24:48| cbdataFree: 0x8f542b0
2006/12/04 09:24:48| cbdataFree: 0x8f542b0 has 1 locks, not freeing
2006/12/04 09:24:48| cbdataUnlock: 0x8f542b0
2006/12/04 09:24:48| cbdataUnlock: Freeing 0x8f542b0
2006/12/04 09:24:48| fd_close FD 14 http://sps.ramrads.pdspc.com/default.aspx
2006/12/04 09:24:49| storeMaintainSwapSpace: f=0.000000, max_scan=100, max_remove=10
2006/12/04 09:24:49| cbdataFree: 0x8ea26b8
2006/12/04 09:24:49| cbdataFree: Freeing 0x8ea26b8
2006/12/04 09:24:49| storeUfsDirMaintain: /var/spool/squid removed 0/10 f=0.000 max_scan=100
2006/12/04 09:24:51| storeMaintainSwapSpace: f=0.000000, max_scan=100, max_remove=10
2006/12/04 09:24:51| cbdataFree: 0x8ea26b8
2006/12/04 09:24:51| cbdataFree: Freeing 0x8ea26b8
2006/12/04 09:24:51| storeUfsDirMaintain: /var/spool/squid removed 0/10 f=0.000 max_scan=100
2006/12/04 09:24:52| statHistCopy: Dest=0x77c4e8, Orig=0x790f08
2006/12/04 09:24:52| statHistCopy: capacity 300 300
2006/12/04 09:24:52| statHistCopy: min 0.000000 0.000000
2006/12/04 09:24:52| statHistCopy: max 10800000.000000 10800000.000000
2006/12/04 09:24:52| statHistCopy: scale 18.524171 18.524171
2006/12/04 09:24:52| statHistCopy: copying 1200 bytes to 0x8dd4528 from 0x8e96870
2006/12/04 09:24:52| statHistCopy: Dest=0x77c448, Orig=0x790e68
2006/12/04 09:24:52| statHistCopy: capacity 300 300
2006/12/04 09:24:52| statHistCopy: min 0.000000 0.000000
2006/12/04 09:24:52| statHistCopy: max 10800000.000000 10800000.000000
2006/12/04 09:24:52| statHistCopy: scale 18.524171 18.524171
2006/12/04 09:24:52| statHistCopy: copying 1200 bytes to 0x8dd49e0 from 0x8e96d28

Now, after entering the login information, the loading bar still loads, the page is empty and the site never loads.

The full site is http://sps.ramrads.pdspc.com

Also, I have done more research and have read that it might have something to do with the following (since this site is using NTLM authentication and I am using NTLM authentication, are they just conflicting with each other?):
http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14
http://support.microsoft.com/kb/q198116/

If this is the case, do you have any recommendations on how I can just completely bypass everything for certain URLs?

Expert Comment

by:mymymac
ID: 18074846
Hmm... I have been googling around and found this:

http://www.squid-cache.org/mail-archive/squid-users/200411/0021.html

It seems like it is an ACL problem. Remove (probably you can cut it and paste it to another file) any ACLs and HTTP_* in the squid.conf. If possible, please paste your squid.conf without the comments.

Author Comment

by:Synergy_IS
ID: 18076573
I have worked out a solution by adding the site to the browser to bypass the proxy, and then added a rule to the firewall to allow the site out. I really can't spend any more time troubleshooting this issue.

I appreciate all your help, and due to the fact that your first answer is what I was looking for, I accepted that. Thanks for your time, mymymac.