ERRO NA SQUID3 AUTENTICADO

1. ERRO NA SQUID3 AUTENTICADO

jcbusnello
(usa Debian)

Enviado em 04/07/2016 - 11:33h

Estou com problema no envio de solicitações pelo programa ERP da empresa ele tem sistema de solicitações mas quando chega a hora de enviar a solicitação. ele da erro da comunicação e pelos log do squid3 ele nega o envio da mesma como exemplo abaixo.

1467640574.255 1121 10.1.1.5 TCP_MISS/200 1158 POST http://portal.tecnicon.com.br:8080/Tecnicon/ControllerAjax? - DIRECT/187.5.208.202 text/html
1467640583.951 106 10.1.1.5 TCP_MISS/200 584 POST http://portal.tecnicon.com.br:8080/Tecnicon/ControllerAjax? - DIRECT/187.5.208.202 text/html
1467640584.400 413 10.1.1.5 TCP_MISS/200 6892 POST http://idema.ddns.net:8080/Tecnicon/Controller? jean DIRECT/177.44.229.254 text/html
1467640584.424 0 10.1.1.5 NONE/400 11694 POST http://portal.tecnicon.com.br:8080/Tecnicon/ControllerAjax?s=LX7olOPZ5Xm7p%2BPXrd9DRQR7z%2B5DWH7YSodiALLxSaYmaPIBAp6PpSPnfV20oChlgtlI%2F%2BdhctlLBzGzFEIzG61%2BZVl%2BWwI217TxYIrNNP8XCCoFXj0CwT6HdEIhhG0oJDoFJ1Yh0M3nloJZgj6CD%2FONleC66kNVd6YkEWU4FfZjZ6hB4rLLPeCIbniRnn4aVWp0G9iE4RzVPuV0JC0BYi9D542R009fc4agJBHjMQ33eu8rlb9TQBJ31AoYxfbzYx0qWZCbg4so9mPC2%2BrhEI2m2VI78TBOzo%2BYwX2gPeD%2BfWJ2arEiw820M3avkgUVIBuFju9id6%2FN4tTrqmfSm0eQ8mdllJKOCIKZTRylRyIe%2F6lT%2Fws2h8Lr2ardPoR0HeHwVKX25dTuT03kngfk%2Fskc%2BnpWIG0t6EOBHM746IomSYteSwJTb3AGtgQSjzfRR%2FbLWInn%2FjqyNMeHdIx7DhyjjqiqBZ1JCK4ErPrm52hv7oUtRDpAaz0aA9NpR459hNNaFGplEOMdJQiKM6PKTFTN15MWE%2B13gougFOyJJYqZCfivplCDYe2zISedyd%2F6R6T0RuhIvzqcQgxugVgh5eY01AuZvztJepe%2Bbck9OICfvtT3vq%2FPOV0YCl3L%2FiTSdbgdq5yNXMWHySJpeQmHb%2F2%2FpLnWbh43bGGnyT1c4L60P2YfQZPtCmxVaG15qrAq23NfefyWysn8vhaWAuNXUQ7pRrO%2BqVuu2f63aNaCeGG0yENT6Dy0o9gYYves1kN5XkvxY2OkoQpuO%2F47sr%2FFESSjuEoV2PQT39vPQb5X4xEIFblmC9rO5Y4ufc51oSQ%2FM9t0n4SY17mS3JfYOSpXfvKdW0Wei6j7wVChEEOD5VNLVSfYFYC2I9gCeWbRtxjyXWMxe4Je1YOim%2FL7Vf3kltIHB6rf5lj2blpq0yef4u4vDBMEnPRZQmEE876CvHZe774du2a86u2Kb5%2B2jnPTkGkbYgAtSQfKOzY9uK95z3YGVTBQ128JO%2Bjhv6M6NNcmtGyTRXCxNn58DoXuyMZMk0qfRJj6MsEukhww33FLVVxO0s5dev05NyqI0QgCqJS9cyuNbFqjrdELgGcFRyYDQCFYupaY1zaLHmsc8BDm%2BN5YqvlvejBpBFCHZjBv4dwG4DdmSajSHvb%2BvoaDOfWPF2%2FEaygjrng38TLdVecSs%2BZjyiWn%2BWGQjM6M5R7csNi4%2BywTzes%2BYTv74GYrWlGzNr5B8CJLMiKPGQzliSjQTDaYHI1oeoi1uiCQtnnJiFPoG4VoFmlZQcomQmBe8MrHDxNzIs%2Bqy9rGkUoiz6yjAwXHwYMcNkI51d3fsqwCJkIxUup9j8SziB%2BzEWvuRq38nm9xjg3mBBgZJGGpfA8P%2BokgcKLqPx4OI99pJCKdXo%2BbBywdKSEOtqC5t0Ndoj%2BWQ8fBcmrI0Sz%2BTrmD37bkaLNHgZqRUABPnVkWfvAoWLvZs2sDtUMGmK1Q3HF3gr0mJ8hrbxsDmQOHzzV9WOM48qmP1NpEK7ZqJBvWjw75t8FUnz%2FfQaAVoOIIK0tYGyYHQdaZwZ7JLYrjM9COOUievqCxCj1f3dekkFmREpbU7DukUEnPK8Q3Szt9yDUHYjJ4AYrrWjo%2B9xO2Op0Q7fiRtGXSi6WQV8BrmuCurP%2FM62ZIknCu%2FIrXikWHRU5p2IRXJEbwtcgAYDBE7MM7QUuAgIP3L2s6Ch1%2B2fT9JW84zcg5ryZmLOT20XlsoxCr4j%2BNbjC23gQ3eYB53ZMkA8vQ%2FGpBUW1mt4ZJo8%2BwVa3DkVB2Mi0WqI8XH%2BY2ehytKwk9OEgOJg6%2F%2BYRLjczEGTxX%2BUdmxhbotjiv1LZs5%2BgA3YpYEymIfacrXJIw6%2B%2B0Z8uyoGNOX6rCR4mtDWigMp6%2F%2BEqbUFPNQlt3IqvjlafoEsjjk67%2F9dbbllXIX3tSAjm5JRCK78d11kNiHGcLgRl2UB20p5Gu%2FMaOWAsMxjbM8WJgxcPmcOEQ861Qaf2BkjxhJs8E9dJEUh5U6Msbd5hX%2FKCrwynhEpraxeiqjCfMo%2Bqbhgqz0JvQIeHDWUyzx7IuptkC1Ec4WCmN6YBbLugk6xUHiTJLbH2EuuQVUAWwBeFNVZxjDkC9bXLIyPyCvHztQ7%2FaFB9daA3MtFID5jngYFNwd%2BFDyQESK%2BcsA8KWD4Wvrwil5k3Y1RiUNge5ZnqSXwbncIZ3OvvRJmEgyUQl2sUbRPR0X3ig6HVJh2baxoaQAVWv76SguJEeYuwkckWEF%2FQ7OTRrlYJUKgt3MQ6QdlSvNtbsTEyEo1mSR5QhMqzqkxqk6GaMzKcqFHMZp8HftHxnVkO9U4gYtLZbC1%2Fm9oq4Kym92KDegP7nrFWg66umw3Y%2F4HlyVhAyLK2Ds9rFMfX6HxzV9Ym%2B70sDrFCGbGJ2I6AYvbOdBbTPFLcjK%2BLGc5eEGi6p%2BP6ULdRTNSr8kF%2FcAOKgrSdPIddNNqK51A9AFo31jaF%2B%2BwThmsvZnRCahyMf0RjWZdUKGakhMagoCj4SSpew2nv9KEXLaPGtc9g57kah3Vaw5kiOqeBDfvTVfCNptyW4TxhT%2FTCWRomDUXSLWxWRbPg%2FRGrWcmkeZ4FZk2YVADCRg262FRbvK1crD2ZWtZj%2FjkVAVTrdAHCjHqDOIN0Qtt4a1twQfl12X17lKY858KP%2FHQWt2ZCwaqCTObJ2%2FG6PeilbgGR7uxElFc%2BWNNiCL%2Bp9wf9v0OJSk3CVeQGRPKG1v9W1PuSHZwkrN8g6zNELPw3yjkoC3gy2q7h2RZTbw2rCvdhkOciMDV40qVsWN7gYZHgpwoHB%2Fjfh5Z%2FYux74b1Fj9I0PACW06IoJbIbsc0v%2Bmqdn9CvvWieIkXNY9MjP34BbpSVFELDYI914w0G%2B9LEP1KQ2Ndy8ywzUCXqCADYt2%2B%2BU0ACTfzipuOaImQ%2BYiUgfhbT8%2FC3K3tCYL1%2F7ewyo9LZjMgRVe9f8qQw%2BqDqyF%2BjoGsrtzjF%2FjHtoz4QnROu9%2FrEx015niwu0AfyYunZlhHKhPUXwvlVxTk6TDu2VfS9N6ljSakrDYU0V0FrTqXVZwSYun%2FhP6mKwIn%2BOV9J5ru74W1CWh3hTc93XnDOkQOR5GbAA2%2BtAGT7CdopMAFYLAzVWHWD9CDt0FoIEwdPm5hcypmczGOl9wvoYcNQTuyjOM48ntActqO6ig%2FCg1vAukwBwJytRXj%2Bj76Ga%2B%2BYgPv4DjX3mv9SCbzVwJbA0CjSYne3m4u76eSxlKvgdj%2Bhqw%2FTUrTqns1OMg57XjdU8VqfVPLP1pS5zNQ1t0JG5zdAg2z8dZ%2FTfcmOhWsNN8rXkuXKaQzPDK41Z58ZxMQGYP7MJWyVyekqlwHC2Nwd7ldYk4RPyVuZnaf3iwapZv6sCNQVAwN1ZXXgNWu2abcaiY26wUhczV3JlztmbtrZGUW%2FlpARapysB%2BwB5gAItTpzDz1bhcLkq69IcdtN0CwTvYvZOhjDDYKpSWw6CC2fJjAN1q2WFKKjkIHFhBL%2Buexsl9BIXZ3A%2B0DFrvRUcAXtJkzcaByiYjY2W7oHuSTgow63tDpS1F6n0p32hEQUHIFhdM4uRXKUWBRF60icDbeYq3%2BOyixuic2QwVOp7fWWoGkamUwf5euklslBoD8NAuqhjXlBwFOUaXPSb4NgXXD2ELwsXRq6sS3N%2FSYoKmpN%2F8P8Yyw2ZrAoTU2XBHMwmvUSEHtl4r6kRf%2BaUjaPsAZbSn5wNaTJs62pTy7Pool5BM5DLRPfV7yVBuSbJX7TwMGUdMabhpzmdOyL3kI6F1es7jlr%2BNnGuOty27%2 - NONE/- text/html
1467640756.134 532 10.1.1.5 TCP_MISS/200 9165 POST http://idema.ddns.net:8080/Tecnicon/Controller? jean DIRECT/177.44.229.254 text/html
1467640765.058 243386 10.1.1.5 TCP_MISS/200 60134 CONNECT www.google.com.br:443 jean DIRECT/172.217.29.67 -

0 0

Quote

2. Re: ERRO NA SQUID3 AUTENTICADO

ncampos
(usa Debian)

Enviado em 05/07/2016 - 15:42h

Ja verificou se a porta 8080 esta liberada para saida?
tente acessar via navegador com o usuario "jean" o link http://portal.tecnicon.com.br:8080/Tecnicon/ControllerAjax ,caso retornar erro como "tempo esgotado" libere na ACL de sites sem autenticação (caso voce possua a acl).

0 0

Quote

3. Re: ERRO NA SQUID3 AUTENTICADO

jcbusnello
(usa Debian)

Enviado em 05/07/2016 - 16:55h

ncampos escreveu:

Ja verificou se a porta 8080 esta liberada para saida?
tente acessar via navegador com o usuario "jean" o link http://portal.tecnicon.com.br:8080/Tecnicon/ControllerAjax ,caso retornar erro como "tempo esgotado" libere na ACL de sites sem autenticação (caso voce possua a acl).

opa tudo bem !!! fiz isso e retorna vou postar os meus arquivos squid.conf

###########################PROXY JEAN BUSNELLO #######################################
http_port 3128
visible_hostname PROXYAGRIMEC

########### REGRAS DE CACHE ######################
cache_mem 512 MB
maximum_object_size_in_memory 128 KB
maximum_object_size 128 MB
minimum_object_size 0 KB

cache_swap_low 90
cache_swap_high 95

cache_dir ufs /var/spool/squid3 2048 16 256
logformat squid3 %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
cache_access_log /var/log/squid3/access.log
cache_mgr info@agrimec.com.br
error_directory /usr/share/squid3/errors/pt-br

refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280

#############CACHE WINDOWS UPDATE#################
refresh_pattern -i update.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft) 4320 80% 432000 reload-into-ims
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft) 4320 80% 432000 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft) 4320 80% 432000 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft) 4320 80% 432000 reload-into-ims
refresh_pattern -i c2r.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft) 4320 80% 432000 reload-into-ims
refresh_pattern -i download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft) 4320 80% 432000 reload-into-ims
############ FIM CACHE WINDOWS#############

##################AUTENTICAÇÃO SERVIDOR###########################
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
auth_param basic children 5
auth_param basic realm Para obter login e senha solicite o administrador da rede
auth_param basic credentialsttl 3 hours
auth_param basic casesensitive on

##################FIM############################################

##############PORTAS SEGURAS PARA O PROXY #############
acl SSL_ports port 443 563 873 # https
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 407 # msn
acl Safe_ports port 25 # smtp
acl Safe_ports port 110 # pop
acl Safe_ports port 995 # popseg
acl Safe_ports port 465 # smtpseg
######################### FIM ########################

######################regras#########################
################################################
#### Liberando IP'S ####
################################################

acl ipsliberados src "/etc/squid3/ipsliberados.conf"
http_access allow ipsliberados
#################################################
############ REGRAS DE AUTENTICAÇÃO #############
#################################################
acl password proxy_auth REQUIRED
#http_access allow password
acl usuarios_limitado proxy_auth "/etc/squid3/limitado"
acl usuarios_diretoria proxy_auth "/etc/squid3/diretoria"
acl usuarios_operacional proxy_auth "/etc/squid3/operacional"
acl usuarios_adm proxy_auth "/etc/squid3/administracao"
################ Fim ###########################################

######### Regras para controle do acesso dos grupos ############
acl sexo_regex url_regex -i "/etc/squid3/listas/sexo_regex"
acl redes_sociais_regex url_regex -i "/etc/squid3/listas/redes_sociais_regex"
acl stream_regex url_regex -i "/etc/squid3/listas/stream_regex"
acl sexo dstdomain "/etc/squid3/listas/sexo"
acl redes_sociais dstdomain "/etc/squid3/listas/redes_sociais"
acl diversos dstdom_regex -i "/etc/squid3/listas/diversos"
acl stream dstdomain "/etc/squid3/listas/stream"
acl skype url_regex -i "/etc/squid3/skype"
acl tecnicon dstdomain "/etc/squid3/tecnicon"
acl windowsupdate dstdomain .microsoft.com .windowsupdate.com c2r.microsoft.com download.windowsupdate.com windows.com
############### FIM ###########################

acl CONNECT method CONNECT
acl lan src 10.0.0.0/8
http_access allow tecnicon
http_access allow windowsupdate
http_access allow skype
http_access allow usuarios_limitado diversos
http_access allow usuarios_diretoria !sexo
#http_access allow usuarios_suporte !sexo !sexo_regex
http_access allow usuarios_operacional !sexo !sexo_regex !redes_sociais !redes_sociais_regex
#http_access deny sexo_regex
http_access allow usuarios_adm !sexo !sexo_regex !stream !stream_regex !redes_sociais !redes_sociais_regex
##################### FIM ######################

#http_access allow manager localhost
#http_access allow localhost
http_access allow lan
http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
#http_access deny manager
http_access deny all
#################### Fim do arquivo ###################

0 0

Quote