
squidGuard tricks firefox and squid 2.7

a strange issue
Added by z almost 2 years ago  »  Votes: 1/1

I have a local caching proxy that uses Squid 2.7. I also use squidGuard to block http://ssl.google-analytics.com and https://ssl.google-analytics.com because I don't want Google to track my activities.

The problem was that I couldn't access https://gmail.com/. Using Firefox's tools, I found that when Firefox loaded https://gmail.com/, it waited for the file https://ssl.google-analytics.com/ga.js until the session expired. Please note that accessing the non-secure file (http://ssl.google-analytics.com/ga.js) worked normally.

--

I used curl to get the following verbose information

$ curl -v --proxy localhost:3128 https://ssl.google-analytics.com/

* About to connect() to proxy localhost port 3128 (#0)
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 3128 (#0)
* Establish HTTP proxy tunnel to ssl.google-analytics.com:443
> CONNECT ssl.google-analytics.com:443 HTTP/1.1
> Host: ssl.google-analytics.com:443
> User-Agent: curl/7.19.7
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 504 Gateway Time-out
< Server: squid
< Date: Sat, 13 Mar 2010 10:27:24 GMT
< Content-Type: text/html
< Content-Length: 1112
< X-Squid-Error: ERR_DNS_FAIL 0
<
* Received HTTP code 504 from proxy after CONNECT
* Closing connection #0
curl: (56) Received HTTP code 504 from proxy after CONNECT

As reported, this was a DNS problem. This was so strange, as my DNS resolver works well and can resolve ssl.google-analytics.com within 1 second. I tried to modify the DNS settings in squid.conf but I still got the same problem.

I used a special log_format in Squid setting and found that Squid was tricked:

127.0.0.1 - - [13/Mar/2010:17:29:44 +0700] "(127.0.0.2) CONNECT localhost:443 HTTP/1.1" 200 3954 TCP_MISS:DIRECT
127.0.0.1 - - [13/Mar/2010:17:29:54 +0700] "(-) CONNECT ssl.google-analytics.com:443 HTTP/1.1" 404 0 TCP_MISS:DIRECT
                                            ^^^
                                      squid was tricked

The first line shows that Squid connected successfully to my site https://localhost/ (IP: 127.0.0.1), and the second line shows that ssl.google-analytics.com was mapped to an undefined address. Because - isn't a valid IP address, Squid failed to fetch the contents. And Firefox was tricked too.

I don't know much about how squidGuard and Squid work together, but I think that squidGuard fed Squid some very bad stuff :P. I also think that there's a problem with Firefox (the buggy 3.5.7). I mean it should have understood the proxy's error code.

Firefox ----> squid --> squidGuard --> bad IP address ---->\
  \                                                         |
   \<--- squid returns ERR_DNS_FAIL <-- squid dnscache <---/

How to solve this problem? I just removed google-analytics from the squidGuard settings and changed my DNS resolver so that ssl.google-analytics was mapped to 127.0.0.1 :))
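The post identifies the "(-)" field in the custom log_format as the sign that Squid was handed an unusable address for the CONNECT tunnel. The following is an added example, not the poster's code or anything shipped with Squid or squidGuard: a small parser for log lines in that format which flags CONNECT requests whose parenthesised peer field is not a real IP address. It assumes the field layout is exactly as in the two lines quoted above (client, ident, user, timestamp, "(peer) METHOD target proto", status, bytes, result); the three sample lines are constructed, the first two modelled on the post's entries and the third a made-up healthy GET for contrast.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log: the first two lines copy the format of the two
# entries quoted in the post; the third is a made-up healthy GET for contrast.
SAMPLE_LOG = """\
127.0.0.1 - - [13/Mar/2010:17:29:44 +0700] "(127.0.0.2) CONNECT localhost:443 HTTP/1.1" 200 3954 TCP_MISS:DIRECT
127.0.0.1 - - [13/Mar/2010:17:29:54 +0700] "(-) CONNECT ssl.google-analytics.com:443 HTTP/1.1" 404 0 TCP_MISS:DIRECT
127.0.0.1 - - [13/Mar/2010:17:30:01 +0700] "(93.184.216.34) GET http://www.example.com/ HTTP/1.1" 200 512 TCP_MISS:DIRECT
"""

# Assumed field layout (matches the two lines in the post):
#   client ident user [timestamp] "(peer) METHOD target proto" status bytes result
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\((?P<peer>[^)]*)\) (?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<result>\S+)$'
)


@dataclass
class Entry:
    client: str
    timestamp: str
    peer: str        # the parenthesised field; the poster reads it as the address Squid connected to
    method: str
    target: str      # host:port for CONNECT, full URL for other methods
    status: int
    nbytes: int
    result: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line in the assumed format; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m['client'], m['ts'], m['peer'], m['method'], m['target'],
                 int(m['status']), int(m['bytes']), m['result'])


def is_ip_address(value: str) -> bool:
    """True for a syntactically valid IPv4 or IPv6 address, False for '-' or hostnames."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def broken_tunnels(log_text: str) -> List[Entry]:
    """CONNECT requests whose peer field is not a real IP address (for example '-').

    These are the entries where the tunnel could never have been established,
    regardless of what the upstream DNS resolver would have answered.
    """
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry.method == "CONNECT" and not is_ip_address(entry.peer):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in broken_tunnels(SAMPLE_LOG):
        print(f"{e.timestamp} CONNECT {e.target} -> peer {e.peer!r}, status {e.status}")
```

Run against the sample, only the ssl.google-analytics.com line is reported; the localhost:443 tunnel has a proper peer address and passes. Feeding a real access.log with the same log_format through broken_tunnels() separates "the redirector handed Squid nothing to connect to" from a genuine upstream DNS failure, which is the distinction the 504 / ERR_DNS_FAIL response alone hides.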

