Trouble with an app

Trouble with an app

Roberto Nunnari

Hello.

 

I work in a secondary school and our access to the internet is protected at two points:

1) Squid proxy (I manage this)

2) Internet service provider (they change *.google.com ssl certificate with zscaler)

 

We install these zscaler certificates on all our clients, but I believe this java app doesn’t care to use it.

 

Now, can somebody explain these logs to me, please?

 

Thank you and best regards.

Roberto

 

 

Fri Oct  9 15:44:41 2020.521      1 10.20.8.212 TCP_DENIED/407 4076 CONNECT google.ch:443 - HIER_NONE/- text/html

Fri Oct  9 15:44:41 2020.534      4 10.20.8.212 TCP_DENIED/407 4445 CONNECT google.ch:443 - HIER_NONE/- text/html

Fri Oct  9 15:44:41 2020.660    122 10.20.8.212 TCP_TUNNEL/200 3552 CONNECT google.ch:443 CPT\\docente.test HIER_DIRECT/216.58.215.227 -

Fri Oct  9 15:44:41 2020.756     92 10.20.8.212 TCP_TUNNEL/200 4742 CONNECT google.com:443 - HIER_DIRECT/172.217.168.14 -

Fri Oct  9 15:44:52 2020.461      0 10.20.8.212 NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -

Fri Oct  9 15:45:02 2020.746      0 10.20.8.212 NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -

Fri Oct  9 15:45:12 2020.995      0 10.20.8.212 NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -

Fri Oct  9 15:45:22 2020.995      0 10.20.8.212 NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -

Fri Oct  9 15:45:23 2020.411      0 10.20.8.212 TCP_DENIED/407 4076 CONNECT google.ch:443 - HIER_NONE/- text/html

Fri Oct  9 15:45:23 2020.417      3 10.20.8.212 TCP_DENIED/407 4445 CONNECT google.ch:443 - HIER_NONE/- text/html

Fri Oct  9 15:45:24 2020.023    603 10.20.8.212 TCP_TUNNEL/200 3552 CONNECT google.ch:443 CPT\\docente.test HIER_DIRECT/216.58.215.227 -

Fri Oct  9 15:45:24 2020.107     81 10.20.8.212 TCP_TUNNEL/200 4742 CONNECT google.com:443 - HIER_DIRECT/172.217.168.14 -

 


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Trouble with an app

Amos Jeffries
Administrator
On 10/10/20 2:54 am, Roberto Nunnari wrote:

> Hello.
>
>  
>
> I work in a secondary school and our access to the internet is protected at
> two points:
>
> 1) Squid proxy (I manage this)
>
> 2) Internet service provider (they change *.google.com ssl
> certificate with zscaler)
>
>  
>
> We install these zscaler certificates on all our clients, but I believe
> this java app doesn’t care to use it.
>
>  
>
> Now, can somebody explain these logs to me, please?
>

Sure:

>
> Fri Oct  9 15:44:41 2020.521      1 10.20.8.212 TCP_DENIED/407 4076
> CONNECT google.ch:443 - HIER_NONE/- text/html
>

Client sent a CONNECT request to the proxy. It did not have credentials,
so Squid responded with a 407 message informing it that credentials are
required.


> Fri Oct  9 15:44:41 2020.660    122 10.20.8.212 TCP_TUNNEL/200 3552
> CONNECT google.ch:443 CPT\\docente.test HIER_DIRECT/216.58.215.227 -
>

Client sent CONNECT requests with credentials.
Squid opened a tunnel to the relevant server as requested by client.
Client spent 122ms using the tunnel for something.


> Fri Oct  9 15:44:52 2020.461      0 10.20.8.212 NONE/000 0 NONE
> error:transaction-end-before-headers - HIER_NONE/- -
>

Client opened TCP connection to the proxy. Then closed it.

This is a fairly common side effect of "Happy Eyeballs" behaviour where
clients open multiple connections and only use the first to succeed.

Or possibly the client had some other reason for closing. The log record
is just informative so you know it is happening and useful to explain
many sockets having TCP TIME_WAIT status if that becomes a problem.


HTH
Amos

R: Trouble with an app

Roberto Nunnari
Hi Amos.

Thank you for your help.

Could it be that the client received the zscaler certificate and because it's wrong for google it closed the connection?
Unfortunately, the logs on the client don't show any clue about it.

Thank you and best regards.
Roberto



-----Original message-----
From: squid-users <[hidden email]> On behalf of Amos Jeffries
Sent: Sunday, 11 October 2020 02:41
To: [hidden email]
Subject: Re: [squid-users] Trouble with an app


Re: R: Trouble with an app

Amos Jeffries
Administrator
On 13/10/20 8:59 pm, Roberto Nunnari wrote:
> Hi Amos.
>
> Thank you for your help.
>
> Could it be that the client received the zscaler certificate and because it's wrong for google it closed the connection?
> Unfortunately, the logs on the client don't show any clue about it.
>

That is possible too. Though the logs say 0 bytes were transferred on
the connection. So I am thinking unlikely.

Amos
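
Added example (not part of the thread, and not Squid project code): a small Python parser for access.log lines in the format quoted above, labelling each record the way the replies explain it and listing any client/target pair that was challenged with 407 but never got a tunnel. The label names, function names and the challenge-to-tunnel pairing are this example's own assumptions and go beyond what the thread covers.

```python
import re
from collections import Counter

# Squid access.log lines quoted from the thread (human-readable timestamp variant).
SAMPLE = [
    r"Fri Oct  9 15:44:41 2020.521      1 10.20.8.212 TCP_DENIED/407 4076 CONNECT google.ch:443 - HIER_NONE/- text/html",
    r"Fri Oct  9 15:44:41 2020.534      4 10.20.8.212 TCP_DENIED/407 4445 CONNECT google.ch:443 - HIER_NONE/- text/html",
    r"Fri Oct  9 15:44:41 2020.660    122 10.20.8.212 TCP_TUNNEL/200 3552 CONNECT google.ch:443 CPT\\docente.test HIER_DIRECT/216.58.215.227 -",
    r"Fri Oct  9 15:44:52 2020.461      0 10.20.8.212 NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -",
]

LINE = re.compile(
    r"^(?P<when>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\.\d{3})\s+(?P<elapsed_ms>\d+) "
    r"(?P<client>\S+) (?P<result>[A-Z_]+)/(?P<status>\d{3}) (?P<bytes>\d+) "
    r"(?P<method>\S+) (?P<url>\S+) (?P<user>\S+) (?P<hier>[A-Z_]+)/(?P<peer>\S+) (?P<ctype>\S+)$"
)

def parse(line):
    """Split one access.log line into named fields; None if it does not match."""
    m = LINE.match(line.strip())
    return m.groupdict() if m else None

def classify(rec):
    """Label a record following the explanations given in the replies above."""
    if rec["status"] == "407":
        return "auth-challenge"          # no credentials sent; proxy asks for them
    if rec["result"] == "TCP_TUNNEL" and rec["status"] == "200":
        return "tunnel-opened"           # CONNECT accepted, tunnel relayed
    if rec["url"] == "error:transaction-end-before-headers":
        return "closed-before-request"   # TCP opened, then closed, no request sent
    return "other"

def summarize(lines):
    """Count labels; list (client, target) pairs challenged but never tunnelled.
    The pairing rule is an assumption of this example, not a Squid feature."""
    counts, pending = Counter(), set()
    for rec in filter(None, map(parse, lines)):
        label = classify(rec)
        counts[label] += 1
        key = (rec["client"], rec["url"])
        if label == "auth-challenge":
            pending.add(key)             # waiting for a retry with credentials
        elif label == "tunnel-opened":
            pending.discard(key)         # the retry succeeded
    return dict(counts), sorted(pending)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```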