it is only words of mind ! LETS help our Friend to resolve the issue at first !
I have no possibility to check it right now, have U @zamboni ?
I have installed clean version of server , redy for fight
Yes, squid.conf contains acl Safe_ports port 443. I built a new server from a scratch install, downloaded patches and installed the proxy and filter with the same results. With the proxy enabled, both Chrome and IE time out when trying to load an SSL site. Firefox always loads. One difference is that Firefox does a certificate query to an ocsp database that looks like this:
1434761527.182 82 10.3.0.x TCP_MISS/200 955 POST http://clients1.google.com/ocsp - HIER_DIRECT/74.125.239.131 application/ocsp-response
But turning off that option in Firefox doesn’t stop it from displaying https sites.
For now, I’ll run with the proxy disabled. I may try to build a new system without loading the openssl patch just to confirm that is actually connected to the problem.
@AZChas could U reenable Proxy service or even reinstall it , coz i have made clean Nethserver installation , upgrade all system and then enable proxy , everything work fine !
in Chrome settings make Proxy port 3128 for all protocols!
Thanks, Artem. I will try that. You used manual proxy and set Chrome to go to 3128, yes? Did you try using transparent proxy with no settings change in Chrome?
I have determined that the proxy problem has nothing to do with OpenSSL, so the answer to the question in my subject is No. However, I do have a problem still where transparent proxy has stopped working with both IE and Chrome, but Firefox works fine. All three rely on Windows to automatically detect the proxy setting. I need to find a Mac to see how that works, and should test a few Linux machines as well. But if this was a problem in Windows, I would think there would be lots of chatter about it. I really think it’s most likely something about my specific NethServer configuration that is at the root of the problem.
I’ve gotten to the bottom of the problem, or close to the bottom. If a Windows computer has “automatically detect settings” checked in the internet connection lan settings, Chrome and IE fail – time out – when trying to get web pages through the NS transparent proxy.
All browsers start working when automatic detection is turned off. The way Windows browsers discover the proxy settings is either through DHCP and a file called wpad.dat, or through DNS. What I don’t know is what changed a week ago to cause working clients to fail. But at this point I at least know that I can turn off auto-detection on a client and the proxy comes back to life.
wpad file goes through DHCP and NS add it by the DNS name of a server , maybe it is better to add it by Ip of the server , it is only thoughts so @alefattorini close the topic pls
function FindProxyForURL(url, host)
{
if (isPlainHostName(host))
return “DIRECT”;
if (isInNet(host, “10.3.0.1”, “255.255.255.0”))
return “DIRECT”;
if (isInNet(host, "127.0.0.1", "255.255.255.255"))
return "DIRECT";
return "PROXY proxy.lan:3128";
}
I’m sure “proxy.lan:3128” doesn’t resolve in a meaningful way on my network. I suppose that could be changed to “myhostname.lan:3128” or “10.3.0.1:3128”?