squid 奇怪的错误 443

tag-icon tag-icon linux squid
squid 奇怪的错误 443

我有一台安装了 squid 的 ubuntu20 服务器,昨天之前连接都正常,但是从任何设备都连接不上,我查了 access.log 错误是 443,奇怪的是重启服务的时候,一切如常,突然就连接不上,还显示 443,日志如下:

1675701298.639   3531 51.159.210.175  TCP_MISS/503 538 GET https://zj.chunfafa.cc/ - HIER_DIRECT/47.75.18.48 text/xml    
1675701298.347  15335 216.250.247.251 NONE/500 0 CONNECT 185.45.82.51:80  - HIER_DIRECT/185.45.82.51 -                   
1675701535.912   8853 158.101.167.143 TCP_TUNNEL/200 39 CONNECT 185.45.82.28:8443  - HIER_DIRECT/185.45.82.28 -          
1675701535.421      0 51.159.210.97   NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -                
1675701535.713   3069 176.97.210.103  TCP_TUNNEL/200 39 CONNECT xinebit.com:443    - HIER_DIRECT/45.93.201.94 -             
1675701784.022  60015 193.123.32.118  NONE/503 0 CONNECT 185.45.82.130:80  - HIER_NONE/- -
1675701784.022  59943 158.101.167.143 NONE/503 0 CONNECT 37.130.194.154:80 - HIER_NONE/- -
1675701784.022  59953 193.123.32.118  NONE/503 0 CONNECT 37.130.193.12:80  - HIER_NONE/- -
1675701784.022  60015 84.246.80.166   NONE/503 0 CONNECT 83.169.194.30:465 - HIER_NONE/- -
1675701784.022  59237 146.70.52.247   NONE/503 0 CONNECT 37.130.194.154:80 - HIER_NONE/- -
1675701784.022  60014 84.17.49.109    NONE/503 0 CONNECT 37.130.193.5:443  - HIER_NONE/- -
1675701784.022  59222 193.123.32.118  NONE/503 0 CONNECT 37.130.192.12:80  - HIER_NONE/- -
1675701784.022  60014 193.123.32.118  NONE/503 0 CONNECT 185.45.83.56:443  - HIER_NONE/- -
1675701784.022  60014 146.70.52.247   NONE/503 0 CONNECT 185.45.82.26:8443 - HIER_NONE/- -
1675701784.030      6 75.119.141.2    TCP_TUNNEL/200 39 CONNECT amp-api.apps.apple.com:443 - HIER_DIRECT/23.212.232.122 -

squid配置文件

/etc/squid/squid.conf

Dropbox 链接:squid配置文件

文件内容   没有 # 注释行

1189 |  acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN) 
1190 |  acl localnet src 10.0.0.0/8         # RFC 1918 local private network (LAN)
1191 |  acl localnet src 100.64.0.0/10      # RFC 6598 shared address space (CGN)
1192 |  acl localnet src 169.254.0.0/16     # RFC 3927 link-local (directly plugged) machines   
1193 |  acl localnet src 172.16.0.0/12      # RFC 1918 local private network (LAN)
1194 |  acl localnet src 192.168.0.0/16     # RFC 1918 local private network (LAN)
1195 |  acl localnet src fc00::/7           # RFC 4193 local private network range  
1196 |  acl localnet src fe80::/10          # RFC 4291 link-local (directly plugged) machines   
1197 |          
1198 |  acl SSL_ports port 443      
1199 |  acl Safe_ports port 80      # http
1200 |  acl Safe_ports port 21      # ftp
1201 |  acl Safe_ports port 443     # https
1202 |  acl Safe_ports port 70      # gopher
1203 |  acl Safe_ports port 210     # wais
1204 |  acl Safe_ports port 1025-65535  # unregistered ports    
1205 |  acl Safe_ports port 280     # http-mgmt
1206 |  acl Safe_ports port 488     # gss-http
1207 |  acl Safe_ports port 591     # filemaker
1208 |  acl Safe_ports port 777     # multiling http
1209 |  acl CONNECT method CONNECT


1385 |  # Deny requests to certain unsafe ports
1386 |  http_access allow !Safe_ports
1387 |  
1388 |  # Deny CONNECT to other than secure SSL ports
1389 |  http_access allow CONNECT !SSL_ports
1390 |  
1391 |  # Only allow cachemgr access from localhost
1392 |  http_access allow localhost manager
1393 |  http_access deny manager


1401 |  # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
1402 |  #
1403 |  include /etc/squid/conf.d/*
1404 |  
1405 |  # Example rule allowing access from your local networks.
1406 |  # Adapt localnet in the ACL section to list your (internal) IP networks
1407 |  # from where browsing should be allowed
1408 |  #http_access allow localnet
1409 |  http_access allow localhost
1410 |  
1411 |  # And finally deny all other access to this proxy
1412 |  http_access allow all


1907 |  # Squid normally listens to port 3128
1908 |  http_port 3128

4584 |  # Leave coredumps in the first cache dir
4585 |  coredump_dir /var/spool/squid

            
5284 |  # Add any of your own refresh_pattern entries above these.          
5285 |  #           
5286 |  refresh_pattern ^ftp:       1440    20% 10080
5287 |  refresh_pattern ^gopher:    1440    0%  1440
5288 |  refresh_pattern -i (/cgi-bin/|\?) 0 0%  0       
5289 |  refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims      
5290 |  refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
5291 |  refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
5292 |  refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
5293 |  # example pattern for deb packages          
5294 | #refresh_pattern (\.deb|\.udeb)$   129600 100% 129600        
5295 |  refresh_pattern .       0   20% 4320

相关内容