Connection refused

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Connection refused

Mehmet, Levent (Accenture)


Hi

When I try and go to http://accenture.employeesavings.net/PhoneSpot

I get the following error


While trying to retrieve the URL:
http://www.dpbolvw.net/click-1753432-10411042 

The following error was encountered:

Connection to 127.0.0.1 Failed
The system returned:

    (111) Connection refused The remote host or network may be down.
Please try the request again.

Your cache administrator is webmaster.

The log says the following:  

1179806615.057    209 10.10.0.4 TCP_MISS/503 1488 GET
http://www.dpbolvw.net/cli                      ck-1753432-10411042 -
DIRECT/127.0.0.1 text/html

What does this mean

This email and any files transmitted with it are confidential. If you are not the intended recipient, any reading, printing, storage, disclosure, copying or any other action taken in respect of this email is prohibited and may be unlawful.

If you are not the intended recipient, please notify the sender immediately by using the reply function and then permanently delete what you have received.Incoming and outgoing email messages are routinely monitored for compliance with the Department of Healths policy on the use of electronic communications.

For more information on the Department of Healths email policy, click http://www.dh.gov.uk/DHTermsAndConditions/fs/en?CONTENT_ID=4110945&chk=x1C3Zw


The original of this email was scanned for viruses by the Government Secure Intranet Anti-Virus service supplied by Cable&Wireless in partnership with MessageLabs. (CCTM Certificate Number 2006/04/0007.) On leaving the GSi this email was certified virus free.
Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.
Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

Kinkie
On 5/22/07, Mehmet, Levent (Accenture) <[hidden email]> wrote:

>
>
> Hi
>
> When I try and go to http://accenture.employeesavings.net/PhoneSpot
>
> I get the following error
>
>
> While trying to retrieve the URL:
> http://www.dpbolvw.net/click-1753432-10411042
>
> The following error was encountered:
>
> Connection to 127.0.0.1 Failed
> The system returned:
>
>     (111) Connection refused The remote host or network may be down.
> Please try the request again.

Someone has defined, in DNS  (but this doesn't seem to be the case) or
via /etc/hosts the IP address of www.dpbolvw.net to the loopback
address. Maybe someone is intentionally blackholing that site. Not
squid's fault or problem in any way.

--
    /kinkie
Reply | Threaded
Open this post in threaded view
|

SSL Proxy

Tisdale, Shea - Raleigh, NC - Contractor
I'm trying to setup Squid to serve as a standard proxy in front of an
application that uses both http and https to communicate.  Our
application uses http port 9999 to communicate to Squid and then Squid
communicates out to the world.  Http out to the world is working fine,
but https doesn't work at all.  What am I missing?

This is my config.

debug_options ALL,1 33,2
http_port 9999
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255

# who can talk with us
acl sourcesvrs src XXX.XXX.XXX.XXX/24

# where we can go
acl destinations dst "/squid/destinations.conf"

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443
acl SSL_ports port 4443 8443
acl http_out port 80
acl http_out port 4443 8443 9080
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 563         # snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl SSL method CONNECT

http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports
http_access deny !http_out

# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports http
http_access allow sourcesvrs

# And finally deny all other access to this proxy
http_access deny all

# where can we go
http_access allow destinations
http_access allow destinations CONNECT SSL_PORTS


Reply | Threaded
Open this post in threaded view
|

Re: SSL Proxy

FamiLink Admin
I am not the expert but...

acl SSL_ports port 4443 8443

should be replaced with:

acl SSL_ports port 4443 8443 9999



Ryan Lamberton

----- Original Message -----
From: "Tisdale, Shea - Raleigh, NC - Contractor" <[hidden email]>
To: <[hidden email]>
Sent: Tuesday, May 22, 2007 6:51 AM
Subject: [squid-users] SSL Proxy


I'm trying to setup Squid to serve as a standard proxy in front of an
application that uses both http and https to communicate.  Our
application uses http port 9999 to communicate to Squid and then Squid
communicates out to the world.  Http out to the world is working fine,
but https doesn't work at all.  What am I missing?

This is my config.

debug_options ALL,1 33,2
http_port 9999
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255

# who can talk with us
acl sourcesvrs src XXX.XXX.XXX.XXX/24

# where we can go
acl destinations dst "/squid/destinations.conf"

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443
acl SSL_ports port 4443 8443
acl http_out port 80
acl http_out port 4443 8443 9080
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 563         # snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl SSL method CONNECT

http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports
http_access deny !http_out

# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports http
http_access allow sourcesvrs

# And finally deny all other access to this proxy
http_access deny all

# where can we go
http_access allow destinations
http_access allow destinations CONNECT SSL_PORTS



Reply | Threaded
Open this post in threaded view
|

Re: SSL Proxy

Henrik Nordström
In reply to this post by Tisdale, Shea - Raleigh, NC - Contractor
tis 2007-05-22 klockan 08:51 -0500 skrev Tisdale, Shea - Raleigh, NC -
Contractor:
> I'm trying to setup Squid to serve as a standard proxy in front of an
> application that uses both http and https to communicate.  Our
> application uses http port 9999 to communicate to Squid and then Squid
> communicates out to the world.  Http out to the world is working fine,
> but https doesn't work at all.  What am I missing?

What does access.log say?

Regards
Henrik

signature.asc (316 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

RE: Connection refused

Mehmet, Levent (Accenture)
In reply to this post by Kinkie
Thanks

How would I resolve this as it is blocking sites we need access to ?

-----Original Message-----
From: Kinkie [mailto:[hidden email]]
Sent: 22 May 2007 14:03
To: Mehmet, Levent (Accenture)
Cc: [hidden email]
Subject: Re: [squid-users] Connection refused

On 5/22/07, Mehmet, Levent (Accenture) <[hidden email]>
wrote:

>
>
> Hi
>
> When I try and go to http://accenture.employeesavings.net/PhoneSpot
>
> I get the following error
>
>
> While trying to retrieve the URL:
> http://www.dpbolvw.net/click-1753432-10411042
>
> The following error was encountered:
>
> Connection to 127.0.0.1 Failed
> The system returned:
>
>     (111) Connection refused The remote host or network may be down.
> Please try the request again.

Someone has defined, in DNS  (but this doesn't seem to be the case) or
via /etc/hosts the IP address of www.dpbolvw.net to the loopback
address. Maybe someone is intentionally blackholing that site. Not
squid's fault or problem in any way.

--
    /kinkie

This email was received from the INTERNET and scanned by the Government
Secure Intranet Anti-Virus service supplied by Cable&Wireless in
partnership with MessageLabs. (CCTM Certificate Number 2006/04/0007.) In
case of problems, please call your organisations IT Helpdesk.
Communications via the GSi may be automatically logged, monitored and/or
recorded for legal purposes.

This email and any files transmitted with it are confidential. If you are not the intended recipient, any reading, printing, storage, disclosure, copying or any other action taken in respect of this email is prohibited and may be unlawful.

If you are not the intended recipient, please notify the sender immediately by using the reply function and then permanently delete what you have received.Incoming and outgoing email messages are routinely monitored for compliance with the Department of Healths policy on the use of electronic communications.

For more information on the Department of Healths email policy, click http://www.dh.gov.uk/DHTermsAndConditions/fs/en?CONTENT_ID=4110945&chk=x1C3Zw


The original of this email was scanned for viruses by the Government Secure Intranet Anti-Virus service supplied by Cable&Wireless in partnership with MessageLabs. (CCTM Certificate Number 2006/04/0007.) On leaving the GSi this email was certified virus free.
Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.
Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

Amos Jeffries
Administrator
Mehmet, Levent (Accenture) wrote:
> Thanks
>
> How would I resolve this as it is blocking sites we need access to ?
>

I would suggest you NOT allow your customers or clients free access to
spamsites. Whoever nul-routed that domain seems to have a good reason
for it.
As a UK government official you should understand when I say Steve has
them Spamhaus listed.
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK6042

dpbolvw.net appears to be a domain owned by cj.com a subsidiary of
valueclick.com AKA hispeedmedia.com a well-known long-term spammer.
cj.com has with several hundred reports of click-thru spamming under
their belt already for just that site this month. themselves have
several thounsand reports and the more links down the chain the more it
blows out.
(Hint: to have a ROKSO report you *MUST* have been kicked off at least
*three* ISP for spamming abuse.)

Oh and in case you thought they might provide a service, they appear to
be using/selling the *free* google tracker service instead of their own
while claiming to be an 'original marketing information source'.

Amos


> -----Original Message-----
> From: Kinkie [mailto:[hidden email]]
> Sent: 22 May 2007 14:03
> To: Mehmet, Levent (Accenture)
> Cc: [hidden email]
> Subject: Re: [squid-users] Connection refused
>
> On 5/22/07, Mehmet, Levent (Accenture) <[hidden email]>
> wrote:
>>
>> Hi
>>
>> When I try and go to http://accenture.employeesavings.net/PhoneSpot
>>
>> I get the following error
>>
>>
>> While trying to retrieve the URL:
>> http://www.dpbolvw.net/click-1753432-10411042
>>
>> The following error was encountered:
>>
>> Connection to 127.0.0.1 Failed
>> The system returned:
>>
>>     (111) Connection refused The remote host or network may be down.
>> Please try the request again.
>
> Someone has defined, in DNS  (but this doesn't seem to be the case) or
> via /etc/hosts the IP address of www.dpbolvw.net to the loopback
> address. Maybe someone is intentionally blackholing that site. Not
> squid's fault or problem in any way.
>