Re: [squid-users] yahoo mail problem with tproxy (squid 3.1.19, kernel 3.2.21)

From: Ming-Ching Tiew <mctiew_at_yahoo.com>
Date: Sun, 1 Jul 2012 19:38:29 -0700 (PDT)

--- On Mon, 7/2/12, Ming-Ching Tiew <mctiew_at_yahoo.com> wrote:

>
> Attached please find the 'squid -X -N -d2 2>&1' ouput
> log when connecting to yahoo mail. When connecting to http://mail.yahoo.com, I get a 'No object data
> received'. When connecting to https, the bridge is not setup
> to intercept https, yet the login is hard to succeed.
>
> Note that the same box configured to nat mode, it could
> interact with yahoo mail.
>
>

When connecting to https, squid won't see the https traffic as the bridge is not configured to tproxy the SSL traffic, but nevertheless, login is hard to succced and below is some of the http traffic while doing https yahoo mail login :-

2012/07/01 20:12:43.703| The request POST http://ocsp.digicert.com/ is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:43.709| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:12:43.709| The request POST http://ocsp.digicert.com/ is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:43.860| The reply for POST http://ocsp.digicert.com/ is ALLOWED, because it matched 'all'
2012/07/01 20:12:43.897| The request POST http://ocsp.digicert.com/ is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:43.897| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:12:43.897| The request POST http://ocsp.digicert.com/ is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:43.999| The reply for POST http://ocsp.digicert.com/ is ALLOWED, because it matched 'all'
2012/07/01 20:12:45.897| The request POST http://ocsp.digicert.com/ is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:45.902| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:12:45.902| The request POST http://ocsp.digicert.com/ is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:45.994| The reply for POST http://ocsp.digicert.com/ is ALLOWED, because it matched 'all'
2012/07/01 20:12:56.429| The request GET http://us.mc1614.mail.yahoo.com/mc/welcome?.gx=1&.tm=1341173481&.rand=82c3g22q15e9c is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:56.434| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:12:56.434| The request GET http://us.mc1614.mail.yahoo.com/mc/welcome?.gx=1&.tm=1341173481&.rand=82c3g22q15e9c is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:57.172| The reply for GET http://us.mc1614.mail.yahoo.com/mc/welcome?.gx=1&.tm=1341173481&.rand=82c3g22q15e9c is ALLOWED, because it matched 'all'
2012/07/01 20:12:58.223| ConnStateData::swanSong: FD 10
2012/07/01 20:12:58.288| The request GET http://ads.bluelithium.com/pixel?id=365083&t=2 is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:58.293| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:12:58.293| The request GET http://ads.bluelithium.com/pixel?id=365083&t=2 is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:58.340| The request GET
 http://us.bc.yahoo.com/b?P=jdldrmKL1cIRitGnT.7kIgfHr465vE_wrusADSBa&T=19th47hua%2fX%3d1341173483%2fE%3d398301041%2fR%3dmail%2fK%3d5%2fV%3d1.1%2fW%3dJ%2fY%3dYAHOO%2fF%3d4183513604%2fH%3dY29udGVudD0ibm9fZXhwYW5kYWJsZTthamF4X2NlcnRfZXhwYW5kYWJsZTsiIHNlcnZlSWQ9ImpkbGRybUtMMWNJUml0R25ULjdrSWdmSHI0NjV2RV93cnVzQURTQmEiIHNpdGVJZD0iNDQ1NDU1MSIgdFN0bXA9IjEzNDExNzM0ODMwMzIwNzkiIA--%2fI%3d1%2fS%3d1%2fJ%3d23D48B62&U=13f0b5vp5%2fN%3dDNsnCWKL5No-%2fC%3d289534.10180982.10848075.9860700%2fD%3dFOOT%2fB%3d4386606%2fV%3d1&U=13fp61862%2fN%3dGdsnCWKL5No-%2fC%3d624324.13382210.13481662.12549985%2fD%3dSIP%2fB%3d5677395%2fV%3d1&U=12dr6v6qs%2fN%3dG9snCWKL5No-%2fC%3d-1%2fD%3dFSRVY%2fB%3d-1%2fV%3d0&U=12b0qkkrn%2fN%3dHNsnCWKL5No-%2fC%3d-1%2fD%3dRMP%2fB%3d-1%2fV%3d0&U=12a2tolqt%2fN%3dE9snCWKL5No-%2fC%3d-1%2fD%3dN2%2fB%3d-1%2fV%3d0&U=12bacet7j%2fN%3dEtsnCWKL5No-%2fC%3d-1%2fD%3dMNW%2fB%3d-1%2fV%3d0&U=12a7d0brd%2fN%3dFtsnCWKL5No-%2fC%3d-1%2fD%3dRS%2fB%3d-1%2fV%3d0&U=12bar1525%2fN%3dF9
snCWKL5No-%2fC%3d-1%2fD%3dRS2%2fB%3d-1%2fV%3d0&Q=0&O=0.43259778993149667 is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:58.340| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:12:58.340| The request GET
 http://us.bc.yahoo.com/b?P=jdldrmKL1cIRitGnT.7kIgfHr465vE_wrusADSBa&T=19th47hua%2fX%3d1341173483%2fE%3d398301041%2fR%3dmail%2fK%3d5%2fV%3d1.1%2fW%3dJ%2fY%3dYAHOO%2fF%3d4183513604%2fH%3dY29udGVudD0ibm9fZXhwYW5kYWJsZTthamF4X2NlcnRfZXhwYW5kYWJsZTsiIHNlcnZlSWQ9ImpkbGRybUtMMWNJUml0R25ULjdrSWdmSHI0NjV2RV93cnVzQURTQmEiIHNpdGVJZD0iNDQ1NDU1MSIgdFN0bXA9IjEzNDExNzM0ODMwMzIwNzkiIA--%2fI%3d1%2fS%3d1%2fJ%3d23D48B62&U=13f0b5vp5%2fN%3dDNsnCWKL5No-%2fC%3d289534.10180982.10848075.9860700%2fD%3dFOOT%2fB%3d4386606%2fV%3d1&U=13fp61862%2fN%3dGdsnCWKL5No-%2fC%3d624324.13382210.13481662.12549985%2fD%3dSIP%2fB%3d5677395%2fV%3d1&U=12dr6v6qs%2fN%3dG9snCWKL5No-%2fC%3d-1%2fD%3dFSRVY%2fB%3d-1%2fV%3d0&U=12b0qkkrn%2fN%3dHNsnCWKL5No-%2fC%3d-1%2fD%3dRMP%2fB%3d-1%2fV%3d0&U=12a2tolqt%2fN%3dE9snCWKL5No-%2fC%3d-1%2fD%3dN2%2fB%3d-1%2fV%3d0&U=12bacet7j%2fN%3dEtsnCWKL5No-%2fC%3d-1%2fD%3dMNW%2fB%3d-1%2fV%3d0&U=12a7d0brd%2fN%3dFtsnCWKL5No-%2fC%3d-1%2fD%3dRS%2fB%3d-1%2fV%3d0&U=12bar1525%2fN%3dF9
snCWKL5No-%2fC%3d-1%2fD%3dRS2%2fB%3d-1%2fV%3d0&Q=0&O=0.43259778993149667 is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:58.646| The reply for GET http://ads.bluelithium.com/pixel?id=365083&t=2 is ALLOWED, because it matched 'all'
2012/07/01 20:12:58.660| ConnStateData::swanSong: FD 10
2012/07/01 20:12:58.687| The reply for GET
 http://us.bc.yahoo.com/b?P=jdldrmKL1cIRitGnT.7kIgfHr465vE_wrusADSBa&T=19th47hua%2fX%3d1341173483%2fE%3d398301041%2fR%3dmail%2fK%3d5%2fV%3d1.1%2fW%3dJ%2fY%3dYAHOO%2fF%3d4183513604%2fH%3dY29udGVudD0ibm9fZXhwYW5kYWJsZTthamF4X2NlcnRfZXhwYW5kYWJsZTsiIHNlcnZlSWQ9ImpkbGRybUtMMWNJUml0R25ULjdrSWdmSHI0NjV2RV93cnVzQURTQmEiIHNpdGVJZD0iNDQ1NDU1MSIgdFN0bXA9IjEzNDExNzM0ODMwMzIwNzkiIA--%2fI%3d1%2fS%3d1%2fJ%3d23D48B62&U=13f0b5vp5%2fN%3dDNsnCWKL5No-%2fC%3d289534.10180982.10848075.9860700%2fD%3dFOOT%2fB%3d4386606%2fV%3d1&U=13fp61862%2fN%3dGdsnCWKL5No-%2fC%3d624324.13382210.13481662.12549985%2fD%3dSIP%2fB%3d5677395%2fV%3d1&U=12dr6v6qs%2fN%3dG9snCWKL5No-%2fC%3d-1%2fD%3dFSRVY%2fB%3d-1%2fV%3d0&U=12b0qkkrn%2fN%3dHNsnCWKL5No-%2fC%3d-1%2fD%3dRMP%2fB%3d-1%2fV%3d0&U=12a2tolqt%2fN%3dE9snCWKL5No-%2fC%3d-1%2fD%3dN2%2fB%3d-1%2fV%3d0&U=12bacet7j%2fN%3dEtsnCWKL5No-%2fC%3d-1%2fD%3dMNW%2fB%3d-1%2fV%3d0&U=12a7d0brd%2fN%3dFtsnCWKL5No-%2fC%3d-1%2fD%3dRS%2fB%3d-1%2fV%3d0&U=12bar1525%2fN%3dF9
snCWKL5No-%2fC%3d-1%2fD%3dRS2%2fB%3d-1%2fV%3d0&Q=0&O=0.43259778993149667 is ALLOWED, because it matched 'all'
2012/07/01 20:12:58.697| ConnStateData::swanSong: FD 17
2012/07/01 20:12:58.734| The request GET http://ad.yieldmanager.com/pixel?id=365083&t=2 is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:58.734| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:12:58.734| The request GET http://ad.yieldmanager.com/pixel?id=365083&t=2 is ALLOWED, because it matched 'localnet'
2012/07/01 20:12:58.881| The reply for GET http://ad.yieldmanager.com/pixel?id=365083&t=2 is ALLOWED, because it matched 'all'
2012/07/01 20:12:58.889| ConnStateData::swanSong: FD 10
2012/07/01 20:13:01.560| The request GET http://us.mc1614.mail.yahoo.com/mc/showFolder?fid=Inbox&order=down&tt=52&pSize=25&.rand=1080600679 is ALLOWED, because it matched 'localnet'
2012/07/01 20:13:01.564| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:13:01.565| The request GET http://us.mc1614.mail.yahoo.com/mc/showFolder?fid=Inbox&order=down&tt=52&pSize=25&.rand=1080600679 is ALLOWED, because it matched 'localnet'
2012/07/01 20:13:01.896| The reply for GET http://us.mc1614.mail.yahoo.com/mc/showFolder?fid=Inbox&order=down&tt=52&pSize=25&.rand=1080600679 is ALLOWED, because it matched 'all'
2012/07/01 20:13:02.956| ConnStateData::swanSong: FD 10
2012/07/01 20:13:02.985| The request GET http://ads.bluelithium.com/pixel?id=365078&t=2 is ALLOWED, because it matched 'localnet'
2012/07/01 20:13:02.989| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:13:02.989| The request GET http://ads.bluelithium.com/pixel?id=365078&t=2 is ALLOWED, because it matched 'localnet'
2012/07/01 20:13:03.057| The reply for GET http://ads.bluelithium.com/pixel?id=365078&t=2 is ALLOWED, because it matched 'all'
2012/07/01 20:13:03.068| ConnStateData::swanSong: FD 10
2012/07/01 20:13:03.123| The request GET
 http://us.bc.yahoo.com/b?P=eRKOAWKL1cIRitGnT.7kIgclr465vE_wrvAACnqg&T=19tof1soj%2fX%3d1341173487%2fE%3d398300139%2fR%3dmail%2fK%3d5%2fV%3d1.1%2fW%3dJ%2fY%3dYAHOO%2fF%3d4027577007%2fH%3dY29udGVudD0ibm9fZXhwYW5kYWJsZTthamF4X2NlcnRfZXhwYW5kYWJsZTsiIHNlcnZlSWQ9ImVSS09BV0tMMWNJUml0R25ULjdrSWdjbHI0NjV2RV93cnZBQUNucWciIHNpdGVJZD0iNDQ1NDU1MSIgdFN0bXA9IjEzNDExNzM0ODc3MzI4NDgiIA--%2fI%3d1%2fS%3d1%2fJ%3d20D48B62&U=13f3568nn%2fN%3ds2okCWKL5RE-%2fC%3d289534.10180982.10848075.9860700%2fD%3dFOOT%2fB%3d4386606%2fV%3d1&U=13f0gi3m2%2fN%3dvGokCWKL5RE-%2fC%3d624324.13382200.13481658.12549985%2fD%3dSIP%2fB%3d5677390%2fV%3d1&U=12djembrm%2fN%3dvmokCWKL5RE-%2fC%3d-1%2fD%3dFSRVY%2fB%3d-1%2fV%3d0&U=12b97aqom%2fN%3dv2okCWKL5RE-%2fC%3d-1%2fD%3dRMP%2fB%3d-1%2fV%3d0&U=12br6rgjl%2fN%3dtmokCWKL5RE-%2fC%3d-1%2fD%3dMNW%2fB%3d-1%2fV%3d0&U=12auqj121%2fN%3dumokCWKL5RE-%2fC%3d-1%2fD%3dRS%2fB%3d-1%2fV%3d0&U=12btsnii7%2fN%3du2okCWKL5RE-%2fC%3d-1%2fD%3dRS2%2fB%3d-1%2fV%3d0&Q=0&O=0.97797629191
90935 is ALLOWED, because it matched 'localnet'
2012/07/01 20:13:03.124| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:13:03.124| The request GET
 http://us.bc.yahoo.com/b?P=eRKOAWKL1cIRitGnT.7kIgclr465vE_wrvAACnqg&T=19tof1soj%2fX%3d1341173487%2fE%3d398300139%2fR%3dmail%2fK%3d5%2fV%3d1.1%2fW%3dJ%2fY%3dYAHOO%2fF%3d4027577007%2fH%3dY29udGVudD0ibm9fZXhwYW5kYWJsZTthamF4X2NlcnRfZXhwYW5kYWJsZTsiIHNlcnZlSWQ9ImVSS09BV0tMMWNJUml0R25ULjdrSWdjbHI0NjV2RV93cnZBQUNucWciIHNpdGVJZD0iNDQ1NDU1MSIgdFN0bXA9IjEzNDExNzM0ODc3MzI4NDgiIA--%2fI%3d1%2fS%3d1%2fJ%3d20D48B62&U=13f3568nn%2fN%3ds2okCWKL5RE-%2fC%3d289534.10180982.10848075.9860700%2fD%3dFOOT%2fB%3d4386606%2fV%3d1&U=13f0gi3m2%2fN%3dvGokCWKL5RE-%2fC%3d624324.13382200.13481658.12549985%2fD%3dSIP%2fB%3d5677390%2fV%3d1&U=12djembrm%2fN%3dvmokCWKL5RE-%2fC%3d-1%2fD%3dFSRVY%2fB%3d-1%2fV%3d0&U=12b97aqom%2fN%3dv2okCWKL5RE-%2fC%3d-1%2fD%3dRMP%2fB%3d-1%2fV%3d0&U=12br6rgjl%2fN%3dtmokCWKL5RE-%2fC%3d-1%2fD%3dMNW%2fB%3d-1%2fV%3d0&U=12auqj121%2fN%3dumokCWKL5RE-%2fC%3d-1%2fD%3dRS%2fB%3d-1%2fV%3d0&U=12btsnii7%2fN%3du2okCWKL5RE-%2fC%3d-1%2fD%3dRS2%2fB%3d-1%2fV%3d0&Q=0&O=0.97797629191
90935 is ALLOWED, because it matched 'localnet'
2012/07/01 20:13:03.143| The request GET http://ad.yieldmanager.com/pixel?id=365078&t=2 is ALLOWED, because it matched 'localnet'
2012/07/01 20:13:03.143| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:13:03.143| The request GET http://ad.yieldmanager.com/pixel?id=365078&t=2 is ALLOWED, because it matched 'localnet'
2012/07/01 20:13:03.246| The reply for GET http://ad.yieldmanager.com/pixel?id=365078&t=2 is ALLOWED, because it matched 'all'
2012/07/01 20:13:03.252| ConnStateData::swanSong: FD 19
2012/07/01 20:13:03.299| The reply for GET
 http://us.bc.yahoo.com/b?P=eRKOAWKL1cIRitGnT.7kIgclr465vE_wrvAACnqg&T=19tof1soj%2fX%3d1341173487%2fE%3d398300139%2fR%3dmail%2fK%3d5%2fV%3d1.1%2fW%3dJ%2fY%3dYAHOO%2fF%3d4027577007%2fH%3dY29udGVudD0ibm9fZXhwYW5kYWJsZTthamF4X2NlcnRfZXhwYW5kYWJsZTsiIHNlcnZlSWQ9ImVSS09BV0tMMWNJUml0R25ULjdrSWdjbHI0NjV2RV93cnZBQUNucWciIHNpdGVJZD0iNDQ1NDU1MSIgdFN0bXA9IjEzNDExNzM0ODc3MzI4NDgiIA--%2fI%3d1%2fS%3d1%2fJ%3d20D48B62&U=13f3568nn%2fN%3ds2okCWKL5RE-%2fC%3d289534.10180982.10848075.9860700%2fD%3dFOOT%2fB%3d4386606%2fV%3d1&U=13f0gi3m2%2fN%3dvGokCWKL5RE-%2fC%3d624324.13382200.13481658.12549985%2fD%3dSIP%2fB%3d5677390%2fV%3d1&U=12djembrm%2fN%3dvmokCWKL5RE-%2fC%3d-1%2fD%3dFSRVY%2fB%3d-1%2fV%3d0&U=12b97aqom%2fN%3dv2okCWKL5RE-%2fC%3d-1%2fD%3dRMP%2fB%3d-1%2fV%3d0&U=12br6rgjl%2fN%3dtmokCWKL5RE-%2fC%3d-1%2fD%3dMNW%2fB%3d-1%2fV%3d0&U=12auqj121%2fN%3dumokCWKL5RE-%2fC%3d-1%2fD%3dRS%2fB%3d-1%2fV%3d0&U=12btsnii7%2fN%3du2okCWKL5RE-%2fC%3d-1%2fD%3dRS2%2fB%3d-1%2fV%3d0&Q=0&O=0.97797629191
90935 is ALLOWED, because it matched 'all'
2012/07/01 20:13:03.315| ConnStateData::swanSong: FD 18
2012/07/01 20:13:10.657| The request GET http://us.mc1614.mail.yahoo.com/mc/showMessage?sMid=1&fid=Inbox&sort=date&order=down&startMid=0&filterBy=&.rand=121779917&midIndex=1&mid=2_0_0_1_166502_APTTi2IAAX%2BzT%2FCkcAet3iPYqiQ&fromId=therebel22@gmail.com is ALLOWED, because it matched 'localnet'
2012/07/01 20:13:10.661| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:13:10.661| The request GET http://us.mc1614.mail.yahoo.com/mc/showMessage?sMid=1&fid=Inbox&sort=date&order=down&startMid=0&filterBy=&.rand=121779917&midIndex=1&mid=2_0_0_1_166502_APTTi2IAAX%2BzT%2FCkcAet3iPYqiQ&fromId=therebel22@gmail.com is ALLOWED, because it matched 'localnet'
2012/07/01 20:13:17.871| ConnStateData::swanSong: FD 10
2012/07/01 20:13:17.899| The request GET http://us.mc1614.mail.yahoo.com/mc/showMessage?sMid=1&fid=Inbox&sort=date&order=down&startMid=0&filterBy=&.rand=121779917&midIndex=1&mid=2_0_0_1_166502_APTTi2IAAX%2BzT%2FCkcAet3iPYqiQ&fromId=therebel22@gmail.com is ALLOWED, because it matched 'localnet'
2012/07/01 20:13:17.903| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:13:17.903| The request GET http://us.mc1614.mail.yahoo.com/mc/showMessage?sMid=1&fid=Inbox&sort=date&order=down&startMid=0&filterBy=&.rand=121779917&midIndex=1&mid=2_0_0_1_166502_APTTi2IAAX%2BzT%2FCkcAet3iPYqiQ&fromId=therebel22@gmail.com is ALLOWED, because it matched 'localnet'
2012/07/01 20:13:20.170| ConnStateData::swanSong: FD 10
2012/07/01 20:13:20.200| The request GET http://us.mc1614.mail.yahoo.com/mc/showMessage?sMid=1&fid=Inbox&sort=date&order=down&startMid=0&filterBy=&.rand=121779917&midIndex=1&mid=2_0_0_1_166502_APTTi2IAAX%2BzT%2FCkcAet3iPYqiQ&fromId=therebel22@gmail.com is ALLOWED, because it matched 'localnet'
2012/07/01 20:13:20.200| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
2012/07/01 20:13:20.200| The request GET http://us.mc1614.mail.yahoo.com/mc/showMessage?sMid=1&fid=Inbox&sort=date&order=down&startMid=0&filterBy=&.rand=121779917&midIndex=1&mid=2_0_0_1_166502_APTTi2IAAX%2BzT%2FCkcAet3iPYqiQ&fromId=therebel22@gmail.com is ALLOWED, because it matched 'localnet'
Received on Mon Jul 02 2012 - 02:38:36 MDT

This archive was generated by hypermail 2.2.0 : Mon Jul 02 2012 - 12:00:02 MDT