Re: [squid-users] Problems with google ...

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 15 Aug 2008 20:23:24 +1200

Chris Robertson wrote:
> Ramiro Sabastta wrote:
>> Hi !!!
>>
>> I've installed a Squid box transparent mode (3STABLE7) with Debian. A
>> router send all the request to the port 80 to my squid box on 3128
>> port.
>>
>> I've problems with google pages. Sometimes when somedy try to sail in
>> google the result is a http://www.google.com.ar/sorry/?.
>
> "strip_query_terms off" in your Squid.conf will allow you to see the
> text after the question mark.
>
>> This page say
>> something like the ip origin maybe is a malicious source, like a virus
>> or spyware.
>>
>> I put in my squid.conf exepcions to google:
>>
>> acl exepciones dstdomain "/usr/local/squid/etc/exepciones"
>> always_direct allow exepciones
>>
>
> *sigh*
> http://www.squid-cache.org/Versions/v3/3.0/cfgman/always_direct.html
>
> And I quote...
>
> Here you can use ACL elements to specify requests which should
> ALWAYS be forwarded by Squid to the origin servers without using any
> peers. For example, to always directly forward requests for local
> servers ignoring any parents or siblings you may have use something
> like...
>
>
> The important bits are "by Squid" and "without using any peers". Once
> the traffic has been handed to Squid (be it via specifying the proxy
> explicitly in the browser, using WPAD or interception) Squid has to
> handle that traffic. If you want to bypass Squid for some Internet
> traffic don't send that traffic to Squid.
>
>> and the exepciones file is as follws:
>>
>> .google.com
>> .google.com.ar
>> .gmail.com
>>
>> but nothing changes.
>>
>> Any idea?
>>
>
> Set your router up to pass traffic destined to Google directly to Google
> (and not to Squid). Otherwise track down and eliminate the traffic that
> is causing Google to view your clients with suspicion.
>
>> Is posible than a lot of requeriments with the same ip (the proxy ip)
>> causes this behavior?

Not unless its a very large amount of requests.
But a lesser amount of requests doing abusive behavior from one IP, or
anonymous proxy might also cause this.
I've usually found squid being blocked by google to be open-proxies with
spammers playing around.

We'll be happy to check your config and point out security hole if you
don't mind sharing it.

Amos

-- 
Please use Squid 2.7.STABLE3 or 3.0.STABLE8
Received on Fri Aug 15 2008 - 08:23:21 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 15 2008 - 12:00:03 MDT