Hi there team!
I’m having issues with the squid in transparent mode with or without SSL interception. For some reason, the dns for all HTTPs request is not appearing in logs. I have enabled Block access to web sites using ip address option but due to this issue, this feature must be disabled.
logs:
2020-01-07 10:51:33 [12265] BLOCK - 192.168.1.66 default in-addr 172.217.30.246::443 CONNECT
2020-01-07 10:51:33 [12265] BLOCK - 192.168.1.116 default in-addr 172.217.30.246::443 CONNECT
2020-01-07 10:51:33 [12265] BLOCK - 192.168.1.66 default in-addr 172.217.30.246:443 CONNECT
My temporal solution was disabling “Block access to web sites using ip address” option but I’m 100% sure that all of this connect is HTTPs valid request sending to google, facebook, Microsoft, etc.
sqstat output after the temporal solution:
192.168.1.66
13.110.37.30:443 0 b
216.239.32.116:443 0 b 38s
172.217.172.99:443 0 b 40s
3.120.171.225:443 0 b 44s
216.58.202.46:443 0 b 58s
216.58.202.46:443 0 b 58s
172.217.172.113:443 0 b 58s
172.217.172.78:443 0 b 1m 30s
193.182.15.115:443 0 b 2m 14s
162.251.148.163:443
I’m observing also a lot of logs with no sense like:
blocked.nethserver.org:443 0 b 16m 14s
blocked.nethserver.org:443 0 b 16m 14s
blocked.nethserver.org:443 0 b 16m 33s
Why squid is not resolving property the DNS request for all HTTPs site with CONNECT method?
Is a issue?
I have configured with no issue DNS server is nethserver.
Regards!
Dx