Ich habe einen Ubuntu20-Server, auf dem Squid installiert ist. Bis gestern funktionierte die Verbindung normal; jetzt kann ich mich von keinem Gerät aus mehr verbinden. Ich habe das access.log überprüft, und der Fehler ist 443. Das Seltsame ist, dass der Dienst nach einem Neustart zunächst wie erwartet funktioniert, ich dann aber plötzlich keine Verbindung mehr herstellen kann und wieder 443 erhalte. Einige Protokolleinträge:
1675701298.639 3531 51.159.210.175 TCP_MISS/503 538 GET https://zj.chunfafa.cc/ - HIER_DIRECT/47.75.18.48 text/xml
1675701298.347 15335 216.250.247.251 NONE/500 0 CONNECT 185.45.82.51:80 - HIER_DIRECT/185.45.82.51 -
1675701535.912 8853 158.101.167.143 TCP_TUNNEL/200 39 CONNECT 185.45.82.28:8443 - HIER_DIRECT/185.45.82.28 -
1675701535.421 0 51.159.210.97 NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -
1675701535.713 3069 176.97.210.103 TCP_TUNNEL/200 39 CONNECT xinebit.com:443 - HIER_DIRECT/45.93.201.94 -
1675701784.022 60015 193.123.32.118 NONE/503 0 CONNECT 185.45.82.130:80 - HIER_NONE/- -
1675701784.022 59943 158.101.167.143 NONE/503 0 CONNECT 37.130.194.154:80 - HIER_NONE/- -
1675701784.022 59953 193.123.32.118 NONE/503 0 CONNECT 37.130.193.12:80 - HIER_NONE/- -
1675701784.022 60015 84.246.80.166 NONE/503 0 CONNECT 83.169.194.30:465 - HIER_NONE/- -
1675701784.022 59237 146.70.52.247 NONE/503 0 CONNECT 37.130.194.154:80 - HIER_NONE/- -
1675701784.022 60014 84.17.49.109 NONE/503 0 CONNECT 37.130.193.5:443 - HIER_NONE/- -
1675701784.022 59222 193.123.32.118 NONE/503 0 CONNECT 37.130.192.12:80 - HIER_NONE/- -
1675701784.022 60014 193.123.32.118 NONE/503 0 CONNECT 185.45.83.56:443 - HIER_NONE/- -
1675701784.022 60014 146.70.52.247 NONE/503 0 CONNECT 185.45.82.26:8443 - HIER_NONE/- -
1675701784.030 6 75.119.141.2 TCP_TUNNEL/200 39 CONNECT amp-api.apps.apple.com:443 - HIER_DIRECT/23.212.232.122 -
squid.conf
/etc/squid/squid.conf
Dropbox-Link:squid.conf:
Dateiinhalt (ohne mit # auskommentierte Zeilen):
1189 | acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
1190 | acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
1191 | acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
1192 | acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
1193 | acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
1194 | acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
1195 | acl localnet src fc00::/7 # RFC 4193 local private network range
1196 | acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
1197 | # NOTE(review): localnet is only defined here; the one rule that would use it ("#http_access allow localnet") is commented out, so these source ranges restrict nothing.
1198 | acl SSL_ports port 443 # the only port CONNECT tunnels are meant to reach
1199 | acl Safe_ports port 80 # http
1200 | acl Safe_ports port 21 # ftp
1201 | acl Safe_ports port 443 # https
1202 | acl Safe_ports port 70 # gopher
1203 | acl Safe_ports port 210 # wais
1204 | acl Safe_ports port 1025-65535 # unregistered ports
1205 | acl Safe_ports port 280 # http-mgmt
1206 | acl Safe_ports port 488 # gss-http
1207 | acl Safe_ports port 591 # filemaker
1208 | acl Safe_ports port 777 # multiling http
1209 | acl CONNECT method CONNECT # matches requests that use the HTTP CONNECT method (tunnels)
1385 | # Deny requests to certain unsafe ports
1386 | http_access allow !Safe_ports # NOTE(review): this says "allow", not the "deny" described above (the stock squid.conf has "deny" here); it admits requests to every port outside Safe_ports, from any source
1387 |
1388 | # Deny CONNECT to other than secure SSL ports
1389 | http_access allow CONNECT !SSL_ports # NOTE(review): "allow" again instead of "deny"; CONNECT tunnels to ports other than 443 are admitted rather than refused
1390 |
1391 | # Only allow cachemgr access from localhost
1392 | http_access allow localhost manager
1393 | http_access deny manager
1401 | # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
1402 | # NOTE(review): http_access rules are first-match, so anything in conf.d is evaluated only after the two "allow" rules above; the conf.d content is not shown here.
1403 | include /etc/squid/conf.d/*
1404 |
1405 | # Example rule allowing access from your local networks.
1406 | # Adapt localnet in the ACL section to list your (internal) IP networks
1407 | # from where browsing should be allowed
1408 | #http_access allow localnet
1409 | http_access allow localhost
1410 |
1411 | # And finally deny all other access to this proxy
1412 | http_access allow all # NOTE(review): the final rule is "allow all", not "deny all"; no rule above restricts by source address, so any client that can reach http_port is served (open proxy). The access.log excerpt is consistent with this: many unrelated client addresses issuing CONNECT to ports 80, 465 and 8443. To close it, restore "deny" in the three rules, allow only localnet or authenticated clients, and firewall the listening port.
1907 | # Squid normally listens to port 3128
1908 | http_port 3128 # no address given, so the port is opened on every interface of the host
4584 | # Leave coredumps in the first cache dir
4585 | coredump_dir /var/spool/squid
5284 | # Add any of your own refresh_pattern entries above these.
5285 | # Fields: refresh_pattern [-i] regex min percent max [options]; min and max are in minutes, -i makes the regex case-insensitive.
5286 | refresh_pattern ^ftp: 1440 20% 10080
5287 | refresh_pattern ^gopher: 1440 0% 1440
5288 | refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
5289 | refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
5290 | refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
5291 | refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
5292 | refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
5293 | # example pattern for deb packages
5294 | #refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600
5295 | refresh_pattern . 0 20% 4320