Solved

How to bypass Squid with Domain Name?

Posted on 2006-12-01
Last Modified: 2013-12-06
Hello all; I am looking for some assistance. I have found several answers to my questions, but none of the solutions seem to work. I am guessing what I am trying to do has something to do with ACLs within the squid.conf, but that doesn't seem to be working.

Here is my situation: I have a Fedora Core release 5 (Bordeaux) running Squid (squid-2.5.STABLE14-2.FC5) and DansGuardian (dansguardian-2.8.0.6-1.fc4). The system works perfectly and authenticates to our Active Directory server. But we have a certain site, a Microsoft SharePoint site hosted by an external vendor, that we are having issues accessing. Now I know the issue is not related to DansGuardian or the site itself, because I can access it if I don't use this proxy server at all. I would like to somehow configure my proxy server to completely bypass all checks and allow all requests to thisdomain.com to go straight through without any verification by Squid or anything else on the proxy server.

The example domain is thisdomain.com. I set the following in the squid.conf, but it still has the same issues.

acl BYPASS dstdomain .domainname.com
no_cache deny BYPASS

Any other suggestions?
Question by:Synergy_IS

Accepted Solution

by:
mymymac earned 125 total points
ID: 18059115
I would suggest you try:

acl bypass_these_url url_regex -i "/etc/squid/URLs_to_bypass"

then

http_access allow bypass_these_url

at the top of the http_access list. The above two lines will cause Squid to allow any URL (e.g. google.com.my, yahoo.com, without the www and http) that is listed in the file /etc/squid/URLs_to_bypass.

But if I were you, I would put an "http_access allow all" at the top of the http_access list to test whether it is really an ACL problem.

Author Comment

by:Synergy_IS
ID: 18068697
OK, excellent idea about putting "http_access allow all" at the top of the access list to test.

I tried your suggestion and the issue I am having still occurs; it just sits in a constant state of the page loading. The bar at the bottom sits there and it seems like the page is going to load, but it never does; Internet Explorer just sits there.

Would you have any other suggestions on what it might be?

Expert Comment

by:mymymac
ID: 18068997
Currently I don't know what is happening, so I am going to advise you to check the log.

1. Set "debug_options ALL,2" in squid.conf and also make sure that "http_access allow all" is still at the top of the ACLs.
2. If possible, make sure that you are the only one using Squid, because there will be a lot of text popping up on the screen in the next step.
3. In the command line, type "tail -f /var/log/squid/cache.log".
4. Access the website that is having the problem.

There should be a relevant error message that pops up saying why. If not, you can adjust the value in step 1, adding 1 at a time so that the messages do not get too hard core. Try posting the error message here.

By the way, what is the full URL of the website? (I just want to make sure what services you are accessing on the SharePoint server.)

Author Comment

by:Synergy_IS
ID: 18069136
OK, thanks for the additional information. Here is the result of the command you suggested; I left the command "http_access allow all" in the squid.conf. This is the result for debug 2 and 3; if you think you will need more information past that, please let me know.

::debug_options ALL,2
2006/12/04 09:19:04| The request GET http://sps.ramrads.pdspc.com/default.aspx is ALLOWED, because it matched 'all'
2006/12/04 09:19:04| The reply for GET http://sps.ramrads.pdspc.com/default.aspx is ALLOWED, because it matched 'all'
2006/12/04 09:19:04| fwdServerClosed: FD 14 http://sps.ramrads.pdspc.com/default.aspx

::debug_options ALL,3
2006/12/04 09:24:48| storeClientCopy: E6E84D371A52399CD1AAE26DE56D4975, seen 4405, want 4405, size 4096, cb 0x5d57a7, cbdata 0x8f527c8
2006/12/04 09:24:48| cbdataLock: 0x8f53250
2006/12/04 09:24:48| storeClientCopy2: E6E84D371A52399CD1AAE26DE56D4975
2006/12/04 09:24:48| storeClientCopy3: Waiting for more
2006/12/04 09:24:48| cbdataUnlock: 0x8f53250
2006/12/04 09:24:48| cbdataUnlock: 0x8f527c8
2006/12/04 09:24:48| fwdComplete: http://sps.ramrads.pdspc.com/default.aspx
        status 401
2006/12/04 09:24:48| fwdReforward: http://sps.ramrads.pdspc.com/default.aspx?
2006/12/04 09:24:48| fwdReforward: No, ENTRY_FWD_HDR_WAIT isn't set
2006/12/04 09:24:48| fwdComplete: not re-forwarding status 401
2006/12/04 09:24:48| storeComplete: 'E6E84D371A52399CD1AAE26DE56D4975'
2006/12/04 09:24:48| storeEntryValidLength: Checking 'E6E84D371A52399CD1AAE26DE56D4975'
2006/12/04 09:24:48| InvokeHandlers: E6E84D371A52399CD1AAE26DE56D4975
2006/12/04 09:24:48| InvokeHandlers: checking client #0
2006/12/04 09:24:48| cbdataLock: 0x8f53250
2006/12/04 09:24:48| storeClientCopy2: E6E84D371A52399CD1AAE26DE56D4975
2006/12/04 09:24:48| cbdataValid: 0x8f527c8
2006/12/04 09:24:48| cbdataValid: 0x8ea2a40
2006/12/04 09:24:48| connStateFree: FD 11
2006/12/04 09:24:48| httpRequestFree: http://sps.ramrads.pdspc.com/default.aspx
2006/12/04 09:24:48| storeUnregister: called for 'E6E84D371A52399CD1AAE26DE56D4975'
2006/12/04 09:24:48| cbdataUnlock: 0x8f527c8
2006/12/04 09:24:48| cbdataFree: 0x8f53250
2006/12/04 09:24:48| cbdataFree: 0x8f53250 has 1 locks, not freeing
2006/12/04 09:24:48| storePendingNClients: returning 0
2006/12/04 09:24:48| storeUnlockObject: key 'E6E84D371A52399CD1AAE26DE56D4975' count=2
2006/12/04 09:24:48| cbdataFree: 0x8f527c8
2006/12/04 09:24:48| cbdataFree: Freeing 0x8f527c8
2006/12/04 09:24:48| cbdataFree: 0x8ea2a40
2006/12/04 09:24:48| cbdataFree: 0x8ea2a40 has 1 locks, not freeing
2006/12/04 09:24:48| cbdataUnlock: 0x8ea2a40
2006/12/04 09:24:48| cbdataUnlock: Freeing 0x8ea2a40
2006/12/04 09:24:48| fd_close FD 11 http://sps.ramrads.pdspc.com/default.aspx
2006/12/04 09:24:48| cbdataUnlock: 0x8f53250
2006/12/04 09:24:48| cbdataUnlock: Freeing 0x8f53250
2006/12/04 09:24:48| cbdataValid: 0x8f54a30
2006/12/04 09:24:48| storeUnlockObject: key 'E6E84D371A52399CD1AAE26DE56D4975' count=1
2006/12/04 09:24:48| cbdataFree: 0x8f54a30
2006/12/04 09:24:48| cbdataFree: 0x8f54a30 has 1 locks, not freeing
2006/12/04 09:24:48| cbdataUnlock: 0x8f54a30
2006/12/04 09:24:48| cbdataUnlock: Freeing 0x8f54a30
2006/12/04 09:24:48| cbdataValid: 0x8f542b0
2006/12/04 09:24:48| fwdServerClosed: FD 14 http://sps.ramrads.pdspc.com/default.aspx
2006/12/04 09:24:48| fwdStateFree: 0x8f542b0
2006/12/04 09:24:48| storePendingNClients: returning 0
2006/12/04 09:24:48| storeUnlockObject: key 'E6E84D371A52399CD1AAE26DE56D4975' count=0
2006/12/04 09:24:48| storePendingNClients: returning 0
2006/12/04 09:24:48| storeRelease: Releasing: 'E6E84D371A52399CD1AAE26DE56D4975'
2006/12/04 09:24:48| destroy_StoreEntry: destroying 0x8f530b0
2006/12/04 09:24:48| ctx: enter level  0: 'http://sps.ramrads.pdspc.com/default.aspx'
2006/12/04 09:24:48| destroy_MemObject: destroying 0x8f530e8
2006/12/04 09:24:48| ctx: exit level  0
2006/12/04 09:24:48| cbdataFree: 0x8f542b0
2006/12/04 09:24:48| cbdataFree: 0x8f542b0 has 1 locks, not freeing
2006/12/04 09:24:48| cbdataUnlock: 0x8f542b0
2006/12/04 09:24:48| cbdataUnlock: Freeing 0x8f542b0
2006/12/04 09:24:48| fd_close FD 14 http://sps.ramrads.pdspc.com/default.aspx
2006/12/04 09:24:49| storeMaintainSwapSpace: f=0.000000, max_scan=100, max_remove=10
2006/12/04 09:24:49| cbdataFree: 0x8ea26b8
2006/12/04 09:24:49| cbdataFree: Freeing 0x8ea26b8
2006/12/04 09:24:49| storeUfsDirMaintain: /var/spool/squid removed 0/10 f=0.000 max_scan=100
2006/12/04 09:24:51| storeMaintainSwapSpace: f=0.000000, max_scan=100, max_remove=10
2006/12/04 09:24:51| cbdataFree: 0x8ea26b8
2006/12/04 09:24:51| cbdataFree: Freeing 0x8ea26b8
2006/12/04 09:24:51| storeUfsDirMaintain: /var/spool/squid removed 0/10 f=0.000 max_scan=100
2006/12/04 09:24:52| statHistCopy: Dest=0x77c4e8, Orig=0x790f08
2006/12/04 09:24:52| statHistCopy: capacity 300 300
2006/12/04 09:24:52| statHistCopy: min 0.000000 0.000000
2006/12/04 09:24:52| statHistCopy: max 10800000.000000 10800000.000000
2006/12/04 09:24:52| statHistCopy: scale 18.524171 18.524171
2006/12/04 09:24:52| statHistCopy: copying 1200 bytes to 0x8dd4528 from 0x8e96870
2006/12/04 09:24:52| statHistCopy: Dest=0x77c448, Orig=0x790e68
2006/12/04 09:24:52| statHistCopy: capacity 300 300
2006/12/04 09:24:52| statHistCopy: min 0.000000 0.000000
2006/12/04 09:24:52| statHistCopy: max 10800000.000000 10800000.000000
2006/12/04 09:24:52| statHistCopy: scale 18.524171 18.524171
2006/12/04 09:24:52| statHistCopy: copying 1200 bytes to 0x8dd49e0 from 0x8e96d28

Now, after entering the login information, the loading bar still loads, the page is empty and the site never loads.

The full site is http://sps.ramrads.pdspc.com

Also, I have done more research and have read that it might have something to do with the following (since this site is using NTLM authentication and I am using NTLM authentication, are they just conflicting with each other?):
http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14
http://support.microsoft.com/kb/q198116/

If this is the case, do you have any recommendations on how I can just completely bypass everything for certain URLs?
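
Added example (not part of the original thread or of Squid itself): a small Python filter that pulls the two decisive facts out of a debug cache.log like the one posted above, the http_access verdict and the upstream reply status, so an ACL block can be told apart from an authentication failure. The sample log, host names and the 'password' ACL are constructed; the line formats are assumed to match those in the post.

```python
import re

# Constructed sample in the cache.log format shown in the post above
# (debug_options ALL,3). Host names and the 'password' ACL are placeholders.
SAMPLE_LOG = """\
2006/12/04 09:24:47| The request GET http://sharepoint.example.com/default.aspx is ALLOWED, because it matched 'all'
2006/12/04 09:24:48| storeClientCopy3: Waiting for more
2006/12/04 09:24:48| fwdComplete: http://sharepoint.example.com/default.aspx
        status 401
2006/12/04 09:24:48| fwdComplete: not re-forwarding status 401
2006/12/04 09:24:49| The request GET http://blocked.example.net/ is DENIED, because it matched 'password'
"""

ACL_RE = re.compile(
    r"\| The request (\S+) (\S+) is (ALLOWED|DENIED), because it matched '([^']*)'")
FWD_RE = re.compile(r"\| fwdComplete: (https?://\S+)$")
STATUS_RE = re.compile(r"^\s+status (\d{3})$")


def triage(log_text):
    """Map each URL to its http_access verdict and the upstream reply status."""
    results, pending_url = {}, None
    for line in log_text.splitlines():
        acl = ACL_RE.search(line)
        if acl:
            results.setdefault(acl.group(2), {})["acl"] = (acl.group(3), acl.group(4))
        status = STATUS_RE.match(line)
        if status and pending_url:
            # Squid logs the status on the continuation line after fwdComplete.
            results.setdefault(pending_url, {})["status"] = int(status.group(1))
        fwd = FWD_RE.search(line)
        pending_url = fwd.group(1) if fwd else None
    return results


def diagnose(entry):
    """Say which layer to look at next for one URL's triage entry."""
    verdict, acl_name = entry.get("acl", ("UNKNOWN", ""))
    status = entry.get("status")
    if verdict == "DENIED":
        return "proxy ACL '%s' denied the request" % acl_name
    if verdict == "ALLOWED" and status == 401:
        return "ACL allowed it; upstream replied 401, so look at authentication"
    if verdict == "ALLOWED":
        return "ACL allowed it; upstream status %s" % status
    return "no http_access decision logged; raise debug_options"


if __name__ == "__main__":
    for url, entry in triage(SAMPLE_LOG).items():
        print(url, "->", diagnose(entry))
```
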

Expert Comment

by:mymymac
ID: 18074846
Hmm... I have been googling around and found this:

http://www.squid-cache.org/mail-archive/squid-users/200411/0021.html

It seems like it is an ACL problem. Remove (you can probably cut it and paste it to another file) any ACLs and HTTP_* in the squid.conf. If possible, please paste your squid.conf without the comments.

Author Comment

by:Synergy_IS
ID: 18076573
I have worked out a solution by adding the site to the browser to bypass the proxy, and then added a rule to the firewall to allow the site out. I really can't spend any more time troubleshooting this issue.

I appreciate all your help, and due to the fact that your first answer is what I was looking for, I accepted that. Thanks for your time, mymymac.