Cannot access web servers with a specific browser

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Cannot access web servers with a specific browser

Vieri
Hi,

Before digging into the whole squid configuration, I'd like to know what the following line means:

NONE_ABORTED/200 0 CONNECT 216.58.211.36:443 - HIER_NONE/- -

I get this when trying to access a web page with a specific browser (Google Chrome).

However, from the exact same client host, any other browser works fine (IE, Firefox) and I get this in the cache log:

NONE/200 0 CONNECT 216.58.211.36:443 - ORIGINAL_DST/216.58.211.36 -

along with many other log messages that follow.

So what does NONE_ABORTED mean and what should I search for to fix this so the client can use Chrome?

Thanks,

Vieri

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Cannot access web servers with a specific browser

Walter H.
On 14.09.2020 14:50, Vieri wrote:

> Hi,
>
> Before digging into the whole squid configuration, I'd like to know what the following line means:
>
> NONE_ABORTED/200 0 CONNECT 216.58.211.36:443 - HIER_NONE/- -
>
> I get this when trying to access a web page with a specific browser (Google Chrome).
>
> However, from the exact same client host, any other browser works fine (IE, Firefox) and I get this in the cache log:
>
> NONE/200 0 CONNECT 216.58.211.36:443 - ORIGINAL_DST/216.58.211.36 -
>
> along with many other log messages that follow.
>
> So what does NONE_ABORTED mean and what should I search for to fix this so the client can use Chrome?
>
What about Microsoft Edge?

(especially the chromium based one)

as I see you don't do SSL-bump,

could it be that the clients (Chrome) capability of useable ciphersuites
may not confirm to the ones offered by the server; the reason for
'NONE_ABORTED'?

Walter



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Cannot access web servers with a specific browser

Vieri

On Monday, September 14, 2020, 4:00:30 PM GMT+2, Walter H. <[hidden email]> wrote:


>> So what does NONE_ABORTED mean and what should I search for to fix this so the client can use Chrome?
>>
> What about Microsoft Edge?

The client is Windows 7, so no Edge.
So I got hold of a Windows 10 client and tried Edge there. I got the same NONE_ABORTED issue while every other non-chromium browser works fine.

> as I see you don't do SSL-bump,

I am. I could send the whole config here. I also set up an explicit proxy, but it seems I'm having issues with kerberos. As a side question, how can one test negotiate_kerberos_auth on the command line? I run:
# /usr/libexec/squid/negotiate_kerberos_auth -s HTTP/fqdn@DOMAIN
WRITE_SOMETHING
BH Invalid request

What is the format/syntax of WRITE_SOMETHING?

I'd like to try the explciit proxy instead of ssl-bump to see if there's a difference.
Still, the Firefox and Chrome clients are in the same conditions and only one is failing.

> could it be that the clients (Chrome) capability of useable ciphersuites
> may not confirm to the ones offered by the server; the reason for
> 'NONE_ABORTED'?

If I let the clients by-pass the Squid proxy and connect directly to the servers the web pages are properly accessed -- no issues.

Thanks,

Vieri
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Cannot access web servers with a specific browser

Alex Rousskov
In reply to this post by Vieri
On 9/14/20 8:50 AM, Vieri wrote:

> I get this when trying to access a web page with a specific browser (Google Chrome).

What is your Squid version? Does it have a fix for GREASE support as
detailed in https://github.com/squid-cache/squid/pull/663 ?

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Cannot access web servers with a specific browser

Vieri

On Monday, September 14, 2020, 6:01:43 PM GMT+2, Alex Rousskov <[hidden email]> wrote:


>> I get this when trying to access a web page with a specific browser (Google Chrome).
>
> What is your Squid version? Does it have a fix for GREASE support as
> detailed in https://github.com/squid-cache/squid/pull/663 ?

I have squid-4.12.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Cannot access web servers with a specific browser

Alex Rousskov
On 9/14/20 12:08 PM, Vieri wrote:

> On Monday, September 14, 2020, 6:01:43 PM GMT+2, Alex Rousskov wrote:

>>> I get this when trying to access a web page with a specific browser (Google Chrome).

>> What is your Squid version? Does it have a fix for GREASE support as
>> detailed in https://github.com/squid-cache/squid/pull/663 ?

> I have squid-4.12.

.. which means that the answer to my second question is "no". You need
to upgrade to Squid v4.13 (for several reasons).

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Cannot access web servers with a specific browser

Vieri

On Monday, September 14, 2020, 9:22:52 PM GMT+2, Alex Rousskov <[hidden email]> wrote:


>> I have squid-4.12.
>
> .. which means that the answer to my second question is "no". You need
> to upgrade to Squid v4.13 (for several reasons).

As simple as that.
Thank you very much. I can confirm that fixed the issue.

Vieri
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users