我设置了一个无需身份验证的个人 squid 代理,以便可以连接到 spotify。我可以连接到普通网站,也可以连接到 Spotify 网站,但是我无法使用桌面客户端连接到 Spotify。
我 - 在 Google Cloud 上运行的 VM 实例上使用 CentOS8
这是我从 Squid 日志中获得的信息:
1583232708.738 0 175.157.46.53 TCP_DENIED/403 3835 CONNECT gae2-accesspoint-b-61fn.ap.spotify.com:4070 - HIER_NONE/- text/html
1583232710.978 0 175.157.46.53 TCP_DENIED/403 3835 CONNECT gae2-accesspoint-b-0j8r.ap.spotify.com:4070 - HIER_NONE/- text/html
1583232812.108 0 175.157.46.53 TCP_DENIED/403 3835 CONNECT gae2-accesspoint-b-kdh7.ap.spotify.com:4070 - HIER_NONE/- text/html
1583232815.938 0 175.157.46.53 TCP_DENIED/403 3835 CONNECT gae2-accesspoint-b-x11x.ap.spotify.com:4070 - HIER_NONE/- text/html
1583233583.698 0 175.157.46.53 TCP_DENIED/403 3829 CONNECT gae2-accesspoint-b-pnz9.ap.spotify.com:80 - HIER_NONE/- text/html
1583233587.078 0 175.157.46.53 TCP_DENIED/403 3835 CONNECT gae2-accesspoint-b-88vj.ap.spotify.com:4070 - HIER_NONE/- text/html
1583233777.928 0 175.157.46.53 TCP_DENIED/403 3835 CONNECT gae2-accesspoint-b-xb9m.ap.spotify.com:4070 - HIER_NONE/- text/html
1583233780.328 0 175.157.46.53 TCP_DENIED/403 3835 CONNECT gae2-accesspoint-b-36xp.ap.spotify.com:4070 - HIER_NONE/- text/html
1583233927.019 0 175.157.46.53 TCP_DENIED/403 3835 CONNECT gae2-accesspoint-b-4s3h.ap.spotify.com:4070 - HIER_NONE/- text/html
1583233931.059 0 175.157.46.53 TCP_DENIED/403 3835 CONNECT gae2-accesspoint-b-rq9g.ap.spotify.com:4070 - HIER_NONE/- text/html
我的鱿鱼配置:
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 4070 #Spotify
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
答案1
我偶然发现了同样的问题。但后来我尝试将 4070 也添加到 SSL_ports 中,并且成功了。它需要两个 acl 条目:
acl SSL_ports port 443
acl SSL_ports port 4070 # spotify
acl SSL_ports port 8443 # openshift port
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 4070 # spotify
acl CONNECT method CONNECT