-> Then I configure firefox to use system proxy settings, but when I try to google something or visit debian-fr.org, it doesn't work (no reponse from the proxy). But my squid's configuration seems to be ok:
> I'm using squid (4.6) on my server (debianedu buster LTSP), and I'm
> trying to configure a parent proxy.
> At first, when I configure the client's firefox (manual proxy
> configuration) with the ip and port of the parent proxy, it's ok, I can
> surf on the internet.
> But I would like to configure my server's Squid Proxy to forward to a
> parent proxy (172.16.103.254:3128)
> -> So I add these two lines at the end of squid.conf:
> cache_peer 172.16.103.254 parent 3128 0 no-query no-digest
> never_direct allow all
> -> And restart squid. It seems to be ok:
> # cat /var/log/squid/cache.log
> 2020/06/23 09:51:12 kid1| Configuring Parent 172.16.103.254/3128/0
> -> Then I configure firefox to use system proxy settings, but when I try
> to google something or visit debian-fr.org, it doesn't work (no reponse
> from the proxy).
That is odd. The log shows a 403 response being delivered by the parent
proxy and delivered to Firefox.
Browsers refuse to display proxy responses on CONNECT requests. So the
first is expected. But the second one using http:// should be shown.
> But my squid's configuration seems to be ok:
> # cat /var/log/squid/access.log
> 1592921221.753 138 10.0.2.2 TCP_TUNNEL/403 361
> CONNECT www.google.com:443 <http://www.google.com:443/> -
> FIRSTUP_PARENT/172.16.103.254 -
> 1592921275.641 521 10.0.2.2 TCP_MISS/403 4289
> GET http://www.debian-fr.org/ - FIRSTUP_PARENT/172.16.103.254 text/html
> 1592921275.692 0 10.0.2.2 TCP_HIT/200 13072 GET
> Is it possible that the squid parent refuse to have "a child" ?
Maybe. You will need to know the parent proxy configuration to tell
that. All that is visible from the detail you have shown is that parent
proxy has forbidden the requests it is receiving.
On 28/06/20 3:09 am, [hidden email] wrote:
> I've noticed one more difference between the CONNECT packets (it appears
> in the HTTP layer):
> If you have any idea to help me to fix this ....