Trouble accessing outlook.com

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Trouble accessing outlook.com

Danilo V
Hello, I'm having trouble accessing http://outlook.com through Squid.
The browser returns: Unable to connect (ERR_TUNNEL_CONNECTION_FAILED).
This problem is intermittent, it means that at some times it's all right.
Everything else is normal. Requests without proxy are allways OK.
I also tested using a clean installation of squid 3.4.8

- Access.log:
1520862206.753    492 10.32.12.250 TCP_MISS/301 506 GET http://outlook.com/ - HIER_DIRECT/40.97.161.50 -
1520862206.757      0 10.32.12.250 TCP_MISS/503 0 CONNECT www.outlook.com:443 - HIER_NONE/- -

- Cache.log
2018/03/12 10:43:43.505 kid1| Ip.cc(560) match: aclIpMatchIp: '10.32.12.250:56352' found
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: all = 1
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: http_access#1 = 1
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: http_access = 1
2018/03/12 10:43:43.505 kid1| Checklist.cc(55) markFinished: 0x7f0f1350ada8 answer ALLOWED for match
2018/03/12 10:43:43.505 kid1| Checklist.cc(155) checkCallback: ACLChecklist::checkCallback: 0x7f0f1350ada8 answer=ALLOWED
2018/03/12 10:43:43.505 kid1| Checklist.cc(62) preCheck: 0x7ffd6dda7e10 checking fast ACLs
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: (access_log daemon:/var/log/squid3/access.log line) = 1
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: access_log daemon:/var/log/squid3/access.log = 1
2018/03/12 10:43:43.505 kid1| Checklist.cc(55) markFinished: 0x7ffd6dda7e10 answer ALLOWED for match
2018/03/12 10:43:45.836 kid1| Checklist.cc(62) preCheck: 0x7ffd6dda7e10 checking fast ACLs
2018/03/12 10:43:45.836 kid1| Acl.cc(177) matches: checked: (access_log daemon:/var/log/squid3/access.log line) = 1
2018/03/12 10:43:45.836 kid1| Acl.cc(177) matches: checked: access_log daemon:/var/log/squid3/access.log = 1
2018/03/12 10:43:45.836 kid1| Checklist.cc(55) markFinished: 0x7ffd6dda7e10 answer ALLOWED for match

Any suggestions?

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Trouble accessing outlook.com

Yuri Voinov

3.4.8 is too ancient to correctly work with SSL.

At least upgrade to 3.5.27 first.


12.03.2018 20:03, Danilo V пишет:
Hello, I'm having trouble accessing http://outlook.com through Squid.
The browser returns: Unable to connect (ERR_TUNNEL_CONNECTION_FAILED).
This problem is intermittent, it means that at some times it's all right.
Everything else is normal. Requests without proxy are allways OK.
I also tested using a clean installation of squid 3.4.8

- Access.log:
1520862206.753    492 10.32.12.250 TCP_MISS/301 506 GET http://outlook.com/ - HIER_DIRECT/40.97.161.50 -
1520862206.757      0 10.32.12.250 TCP_MISS/503 0 CONNECT www.outlook.com:443 - HIER_NONE/- -

- Cache.log
2018/03/12 10:43:43.505 kid1| Ip.cc(560) match: aclIpMatchIp: '10.32.12.250:56352' found
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: all = 1
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: http_access#1 = 1
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: http_access = 1
2018/03/12 10:43:43.505 kid1| Checklist.cc(55) markFinished: 0x7f0f1350ada8 answer ALLOWED for match
2018/03/12 10:43:43.505 kid1| Checklist.cc(155) checkCallback: ACLChecklist::checkCallback: 0x7f0f1350ada8 answer=ALLOWED
2018/03/12 10:43:43.505 kid1| Checklist.cc(62) preCheck: 0x7ffd6dda7e10 checking fast ACLs
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: (access_log daemon:/var/log/squid3/access.log line) = 1
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: access_log daemon:/var/log/squid3/access.log = 1
2018/03/12 10:43:43.505 kid1| Checklist.cc(55) markFinished: 0x7ffd6dda7e10 answer ALLOWED for match
2018/03/12 10:43:45.836 kid1| Checklist.cc(62) preCheck: 0x7ffd6dda7e10 checking fast ACLs
2018/03/12 10:43:45.836 kid1| Acl.cc(177) matches: checked: (access_log daemon:/var/log/squid3/access.log line) = 1
2018/03/12 10:43:45.836 kid1| Acl.cc(177) matches: checked: access_log daemon:/var/log/squid3/access.log = 1
2018/03/12 10:43:45.836 kid1| Checklist.cc(55) markFinished: 0x7ffd6dda7e10 answer ALLOWED for match

Any suggestions?


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

signature.asc (673 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Trouble accessing outlook.com

Danilo V
I'm not using SSL.

Em seg, 12 de mar de 2018 às 11:06, Yuri <[hidden email]> escreveu:

3.4.8 is too ancient to correctly work with SSL.

At least upgrade to 3.5.27 first.


12.03.2018 20:03, Danilo V пишет:
Hello, I'm having trouble accessing http://outlook.com through Squid.
The browser returns: Unable to connect (ERR_TUNNEL_CONNECTION_FAILED).
This problem is intermittent, it means that at some times it's all right.
Everything else is normal. Requests without proxy are allways OK.
I also tested using a clean installation of squid 3.4.8

- Access.log:
1520862206.753    492 10.32.12.250 TCP_MISS/301 506 GET http://outlook.com/ - HIER_DIRECT/40.97.161.50 -
1520862206.757      0 10.32.12.250 TCP_MISS/503 0 CONNECT www.outlook.com:443 - HIER_NONE/- -

- Cache.log
2018/03/12 10:43:43.505 kid1| Ip.cc(560) match: aclIpMatchIp: '10.32.12.250:56352' found
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: all = 1
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: http_access#1 = 1
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: http_access = 1
2018/03/12 10:43:43.505 kid1| Checklist.cc(55) markFinished: 0x7f0f1350ada8 answer ALLOWED for match
2018/03/12 10:43:43.505 kid1| Checklist.cc(155) checkCallback: ACLChecklist::checkCallback: 0x7f0f1350ada8 answer=ALLOWED
2018/03/12 10:43:43.505 kid1| Checklist.cc(62) preCheck: 0x7ffd6dda7e10 checking fast ACLs
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: (access_log daemon:/var/log/squid3/access.log line) = 1
2018/03/12 10:43:43.505 kid1| Acl.cc(177) matches: checked: access_log daemon:/var/log/squid3/access.log = 1
2018/03/12 10:43:43.505 kid1| Checklist.cc(55) markFinished: 0x7ffd6dda7e10 answer ALLOWED for match
2018/03/12 10:43:45.836 kid1| Checklist.cc(62) preCheck: 0x7ffd6dda7e10 checking fast ACLs
2018/03/12 10:43:45.836 kid1| Acl.cc(177) matches: checked: (access_log daemon:/var/log/squid3/access.log line) = 1
2018/03/12 10:43:45.836 kid1| Acl.cc(177) matches: checked: access_log daemon:/var/log/squid3/access.log = 1
2018/03/12 10:43:45.836 kid1| Checklist.cc(55) markFinished: 0x7ffd6dda7e10 answer ALLOWED for match

Any suggestions?


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Trouble accessing outlook.com

Yuri Voinov

But your client do.


12.03.2018 20:19, Danilo V пишет:
1520862206.757      0 10.32.12.250 TCP_MISS/503 0 CONNECT www.outlook.com:443 - HIER_NONE/- -

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

signature.asc (673 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Trouble accessing outlook.com

Yuri Voinov

I've just tried to reproduce your issue on my Squid 5.0.0.

1. First browser goes to http://outlook.com

2. Server redirects it to https://outlook.com, and, then redirect to https://outlook.live.com/owa/

3. I have outlook.com and outlook.live.com in my splice ACL (I'm using SSL bump, yes).

4. Before outlook.live.com, browser goes via

1520865842.280   6994 192.168.201.10 TCP_MISS/200 364906 GET https://r1.res.offi
ce365.com/owalanding/v1.16/images/landing-macbook.png - HIER_DIRECT/23.45.97.45
image/png

4. After this, https://outlook.live.com/owa/ correctly opens.

So, when I splice both domains on step 2, they are tunnels and, finally, I've passed to outlook web interface.


12.03.2018 20:21, Yuri пишет:

But your client do.


12.03.2018 20:19, Danilo V пишет:
1520862206.757      0 10.32.12.250 TCP_MISS/503 0 CONNECT www.outlook.com:443 - HIER_NONE/- -

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

signature.asc (673 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Trouble accessing outlook.com

Danilo V
I've tested on 3.5.23 and everything is ok. The issue is in the squid version.
Thank you Yuri!

Best,
Danilo

Thanks. I will test on 
Em seg, 12 de mar de 2018 às 11:47, Yuri <[hidden email]> escreveu:

I've just tried to reproduce your issue on my Squid 5.0.0.

1. First browser goes to http://outlook.com

2. Server redirects it to https://outlook.com, and, then redirect to https://outlook.live.com/owa/

3. I have outlook.com and outlook.live.com in my splice ACL (I'm using SSL bump, yes).

4. Before outlook.live.com, browser goes via

1520865842.280   6994 192.168.201.10 TCP_MISS/200 364906 GET https://r1.res.offi
ce365.com/owalanding/v1.16/images/landing-macbook.png - HIER_DIRECT/23.45.97.45
image/png

4. After this, https://outlook.live.com/owa/ correctly opens.

So, when I splice both domains on step 2, they are tunnels and, finally, I've passed to outlook web interface.


12.03.2018 20:21, Yuri пишет:

But your client do.


12.03.2018 20:19, Danilo V пишет:
1520862206.757      0 10.32.12.250 TCP_MISS/503 0 CONNECT www.outlook.com:443 - HIER_NONE/- -

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Trouble accessing outlook.com

Yuri Voinov

You are welcome ;)

Always consider upgrade first :)


13.03.2018 01:08, Danilo V пишет:
I've tested on 3.5.23 and everything is ok. The issue is in the squid version.
Thank you Yuri!

Best,
Danilo

Thanks. I will test on 
Em seg, 12 de mar de 2018 às 11:47, Yuri <[hidden email]> escreveu:

I've just tried to reproduce your issue on my Squid 5.0.0.

1. First browser goes to http://outlook.com

2. Server redirects it to https://outlook.com, and, then redirect to https://outlook.live.com/owa/

3. I have outlook.com and outlook.live.com in my splice ACL (I'm using SSL bump, yes).

4. Before outlook.live.com, browser goes via

1520865842.280   6994 192.168.201.10 TCP_MISS/200 364906 GET https://r1.res.offi
ce365.com/owalanding/v1.16/images/landing-macbook.png - HIER_DIRECT/23.45.97.45
image/png

4. After this, https://outlook.live.com/owa/ correctly opens.

So, when I splice both domains on step 2, they are tunnels and, finally, I've passed to outlook web interface.


12.03.2018 20:21, Yuri пишет:

But your client do.


12.03.2018 20:19, Danilo V пишет:
1520862206.757      0 10.32.12.250 TCP_MISS/503 0 CONNECT www.outlook.com:443 - HIER_NONE/- -

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

signature.asc (673 bytes) Download Attachment