This page is READ-ONLY. It is generated from the old site.
All timestamps are relative to 2013 (when this page is generated).

squidGuard tricks firefox and squid 2.7

a strange issue
Added by about 3 years ago

I have a local caching proxy that uses Squid 2.7. I also use squidGuard to block http://ssl.google-analytics.com and https://ssl.google-analytics.com because I don't want Google to track my activities.

The problem was that I couldn't access https://gmail.com/. Using Firefox's tool, I found that when Firefox loaded https://gmail.com/, it waited for the file https://ssl.google-analytics.com/ga.js until the session expired. Please note that access to the non-secure file (http://ssl.google-analytics.com/ga.js) was normal.

--

I used curl to get the following verbose information:

$ curl -v --proxy localhost:3128 https://ssl.google-analytics.com/

* About to connect() to proxy localhost port 3128 (#0)
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 3128 (#0)
* Establish HTTP proxy tunnel to ssl.google-analytics.com:443
> CONNECT ssl.google-analytics.com:443 HTTP/1.1
> Host: ssl.google-analytics.com:443
> User-Agent: curl/7.19.7
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 504 Gateway Time-out
< Server: squid
< Date: Sat, 13 Mar 2010 10:27:24 GMT
< Content-Type: text/html
< Content-Length: 1112
< X-Squid-Error: ERR_DNS_FAIL 0
<
* Received HTTP code 504 from proxy after CONNECT
* Closing connection #0
curl: (56) Received HTTP code 504 from proxy after CONNECT

As reported, this was a DNS problem. This was so strange, as my DNS resolver works well and it can resolve ssl.google-analytics.com within 1 second. I tried to modify the DNS settings in squid.conf but I still got the same problem.

I used a special log_format in the Squid settings and found that Squid was tricked:

127.0.0.1 - - [13/Mar/2010:17:29:44 +0700] "(127.0.0.2) CONNECT localhost:443 HTTP/1.1" 200 3954 TCP_MISS:DIRECT
127.0.0.1 - - [13/Mar/2010:17:29:54 +0700] "(-) CONNECT ssl.google-analytics.com:443 HTTP/1.1" 404 0 TCP_MISS:DIRECT
                                            ^^^
                                      squid was tricked

The first line shows that Squid connected successfully to my site https://localhost/ (IP: 127.0.0.1), and the second line shows that ssl.google-analytics.com was mapped to an undefined address. Because - isn't a valid IP address, Squid failed to fetch the contents. And Firefox was tricked too.

I don't know much about how squidGuard and Squid work together, but I think that squidGuard fed Squid some very bad stuff :P. I also think that there's a problem with Firefox (the buggy 3.5.7). I mean it would have understood the proxy's error code.

Firefox ----> squid --> squidGuard --> bad IP address ---->\
  \                                                         |
   \<--- squid returns ERR_DNS_FAIL <-- squid dnscache <---/

How to solve this problem? I just removed google-analytics from the squidGuard settings and changed my DNS resolver so that ssl.google-analytics was mapped to 127.0.0.1 :))
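
As an added example (not part of the original post): a Python check over access-log lines in the custom format shown above that flags CONNECT requests whose destination-address field is not an IP address, which is the symptom seen for ssl.google-analytics.com. The regular expression assumes the field layout of the two log lines in the post; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Field layout assumed from the two log lines quoted in the post:
# client - - [time] "(dest-ip) METHOD target PROTO" status bytes result
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"\((?P<dest>[^)]*)\) (?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+) (?P<result>\S+)$'
)

# Sample input: the two log lines from the post.
SAMPLE_LOG = [
    '127.0.0.1 - - [13/Mar/2010:17:29:44 +0700] '
    '"(127.0.0.2) CONNECT localhost:443 HTTP/1.1" 200 3954 TCP_MISS:DIRECT',
    '127.0.0.1 - - [13/Mar/2010:17:29:54 +0700] '
    '"(-) CONNECT ssl.google-analytics.com:443 HTTP/1.1" 404 0 TCP_MISS:DIRECT',
]


def is_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def unresolved_connects(lines):
    """Return parsed CONNECT entries whose destination field is not an IP."""
    hits = []
    for line in lines:
        match = LINE_RE.match(line.strip())
        if match is None:
            continue  # not in the assumed format; skip rather than guess
        entry = match.groupdict()
        if entry["method"] == "CONNECT" and not is_ip(entry["dest"]):
            hits.append(entry)
    return hits


def summarize(hits):
    """Count flagged tunnels per CONNECT target (host:port)."""
    return Counter(hit["target"] for hit in hits)


if __name__ == "__main__":
    for target, count in summarize(unresolved_connects(SAMPLE_LOG)).items():
        print(f"{count} CONNECT(s) to {target} had no destination address")
```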

