Project

General

Profile

Bug #11711

New Squid Status Page Non-Functional

Added by Kris Phillips about 2 months ago. Updated 10 days ago.

Status:
Pull Request Review
Priority:
Normal
Assignee:
Category:
squidguard
Target version:
-
Start date:
03/20/2021
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:
All

Description

Under Services --> Squid --> Status, the page does not load or work on 21.02 of 2.5 of pfSense and pfSense Plus. The following error is presented:

HTTP/1.1 503 Service Unavailable
Server: squid/4.13
Mime-Version: 1.0
Date: Sat, 20 Mar 2021 23:41:04 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 4181
X-Squid-Error: ERR_SECURE_CONNECT_FAIL 92
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.1 localhost (squid/4.13)
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
/* * Copyright (C) 1996-2020 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details.
*/

/*
Stylesheet for Squid Error pages
Adapted from design by Free CSS Templates
http://www.freecsstemplates.org
Released for free under a Creative Commons Attribution 2.5 License
*/

/* Page basics */
  • {
    font-family: verdana, sans-serif;
    }

html body {
margin: 0;
padding: 0;
background: #efefef;
font-size: 12px;
color: #1e1e1e;
}

/* Page displayed title area */
#titles {
margin-left: 15px;
padding: 10px;
padding-left: 100px;
background: url('/squid-internal-static/icons/SN.png') no-repeat left;
}

/* initial title */
#titles h1 {
color: #000000;
}
#titles h2 {
color: #000000;
}

/* special event: FTP success page titles */
#titles ftpsuccess {
background-color:#00ff00;
width:100%;
}

/* Page displayed body content area */
#content {
padding: 10px;
background: #ffffff;
}

/* General text */
p {
}

/* error brief description */
#error p {
}

/* some data which may have caused the problem */
#data {
}

/* the error message received from the system or other software */
#sysmsg {
}

pre {
}

/* special event: FTP / Gopher directory listing */
#dirmsg {
font-family: courier, monospace;
color: black;
font-size: 10pt;
}
#dirlisting {
margin-left: 2%;
margin-right: 2%;
}
#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
border-bottom: groove;
}
#dirlisting td.size {
width: 50px;
text-align: right;
padding-right: 5px;
}

/* horizontal lines */
hr {
margin: 0;
}

/* page displayed footer area */
#footer {
font-size: 9px;
padding-left: 10px;
}

body
:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
:lang(he) { direction: rtl; }
--></style>
</head><body id="ERR_SECURE_CONNECT_FAIL">
<div id="titles">
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
</div>
<hr>

<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a href="https://172.21.92.1:4433/sgerror.php?">https://172.21.92.1:4433/sgerror.php?&lt;/a&gt;&lt;/p>

<blockquote id="error">
<p><b>Failed to establish a secure connection to 172.21.92.1</b></p>
</blockquote>

<div id="sysmsg">
<p>The system returned:</p>
<blockquote id="data">

(92) Protocol error (TLS code: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)

<p>Self-signed SSL Certificate: /O=pfSense webConfigurator Self-Signed Certificate/CN=pfSense-5ed6cf379134f</p>
</blockquote>
</div>

<p>This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.</p>

<p>Your cache administrator is <a href="mailto:admin@localhost?subject=CacheErrorInfo%20-%20ERR_SECURE_CONNECT_FAIL&body=CacheHost%3A%20localhost%0D%0AErrPage%3A%20ERR_SECURE_CONNECT_FAIL%0D%0AErr%3A%20(92)%20Protocol%20error%0D%0ATimeStamp%3A%20Sat,%2020%20Mar%202021%2023%3A41%3A04%20GMT%0D%0A%0D%0AClientIP%3A%20127.0.0.1%0D%0AServerIP%3A%20172.21.92.1%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2Fsgerror.php%3Furl%3D403%2520%26a%3D127.0.0.1%26n%3Dlocalhost%26i%3D%26s%3Ddefault%26t%3Dnone%26u%3Dcache_object%3A%2F%2F172.21.92.1%2Finfo%20HTTP%2F1.0%0AUser-Agent%3A%20squidclient%2F4.13%0D%0AAccept%3A%20*%2F*%0D%0AConnection%3A%20close%0D%0AHost%3A%20172.21.92.1%0D%0A%0D%0A%0D%0A">admin@localhost</a>.</p>
<br>
</div>

<hr>
<div id="footer">
<p>Generated Sat, 20 Mar 2021 23:41:04 GMT by localhost (squid/4.13)</p>
<!-- ERR_SECURE_CONNECT_FAIL -->
</div>
</body></html>

History

#1 Updated by Viktor Gurov 23 days ago

it works fine after disabling SquidGuard

#2 Updated by Kris Phillips 19 days ago

Confirmed. You only need to enable squidGuard for the issue to become present. If you have it installed, but disabled, it is not a problem.

May be relevant logs that show up after enabling:
2021-04-24 23:06:12 [65699] (squidGuard): can't write to logfile /var/log/squidGuard/squidGuard.log
2021-04-24 23:06:12 [65699] New setting: logdir: /var/squidGuard/log
2021-04-24 23:06:12 [65699] New setting: dbhome: /var/db/squidGuard

#3 Updated by Kris Phillips 19 days ago

Error message that shows up in the Status page with squidGuard enabled:

HTTP/1.1 503 Service Unavailable
Server: squid/4.13
Mime-Version: 1.0
Date: Sat, 24 Apr 2021 23:11:55 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 4190
X-Squid-Error: ERR_SECURE_CONNECT_FAIL 92
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.1 localhost (squid/4.13)
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
/* * Copyright (C) 1996-2020 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details.
*/

/*
Stylesheet for Squid Error pages
Adapted from design by Free CSS Templates
http://www.freecsstemplates.org
Released for free under a Creative Commons Attribution 2.5 License
*/

/* Page basics */
  • {
    font-family: verdana, sans-serif;
    }

html body {
margin: 0;
padding: 0;
background: #efefef;
font-size: 12px;
color: #1e1e1e;
}

/* Page displayed title area */
#titles {
margin-left: 15px;
padding: 10px;
padding-left: 100px;
background: url('/squid-internal-static/icons/SN.png') no-repeat left;
}

/* initial title */
#titles h1 {
color: #000000;
}
#titles h2 {
color: #000000;
}

/* special event: FTP success page titles */
#titles ftpsuccess {
background-color:#00ff00;
width:100%;
}

/* Page displayed body content area */
#content {
padding: 10px;
background: #ffffff;
}

/* General text */
p {
}

/* error brief description */
#error p {
}

/* some data which may have caused the problem */
#data {
}

/* the error message received from the system or other software */
#sysmsg {
}

pre {
}

/* special event: FTP / Gopher directory listing */
#dirmsg {
font-family: courier, monospace;
color: black;
font-size: 10pt;
}
#dirlisting {
margin-left: 2%;
margin-right: 2%;
}
#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
border-bottom: groove;
}
#dirlisting td.size {
width: 50px;
text-align: right;
padding-right: 5px;
}

/* horizontal lines */
hr {
margin: 0;
}

/* page displayed footer area */
#footer {
font-size: 9px;
padding-left: 10px;
}

body
:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
:lang(he) { direction: rtl; }
--></style>
</head><body id="ERR_SECURE_CONNECT_FAIL">
<div id="titles">
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
</div>
<hr>

<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a href="https://192.168.56.1/sgerror.php?">https://192.168.56.1/sgerror.php?&lt;/a&gt;&lt;/p>

<blockquote id="error">
<p><b>Failed to establish a secure connection to 192.168.56.1</b></p>
</blockquote>

<div id="sysmsg">
<p>The system returned:</p>
<blockquote id="data">

(92) Protocol error (TLS code: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)

<p>Self-signed SSL Certificate: /O=Netgate pfSense Plus webConfigurator Self-Signed Certificate/CN=pfSense-60843f6197396</p>
</blockquote>
</div>

<p>This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.</p>

<p>Your cache administrator is <a href="mailto:admin@localhost?subject=CacheErrorInfo%20-%20ERR_SECURE_CONNECT_FAIL&body=CacheHost%3A%20localhost%0D%0AErrPage%3A%20ERR_SECURE_CONNECT_FAIL%0D%0AErr%3A%20(92)%20Protocol%20error%0D%0ATimeStamp%3A%20Sat,%2024%20Apr%202021%2023%3A11%3A55%20GMT%0D%0A%0D%0AClientIP%3A%20127.0.0.1%0D%0AServerIP%3A%20192.168.56.1%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2Fsgerror.php%3Furl%3D403%2520%26a%3D127.0.0.1%26n%3Dlocalhost%26i%3D%26s%3Ddefault%26t%3Dnone%26u%3Dcache_object%3A%2F%2F192.168.56.1%2Finfo%20HTTP%2F1.0%0AUser-Agent%3A%20squidclient%2F4.13%0D%0AAccept%3A%20*%2F*%0D%0AConnection%3A%20close%0D%0AHost%3A%20192.168.56.1%0D%0A%0D%0A%0D%0A">admin@localhost</a>.</p>
<br>
</div>

<hr>
<div id="footer">
<p>Generated Sat, 24 Apr 2021 23:11:55 GMT by localhost (squid/4.13)</p>
<!-- ERR_SECURE_CONNECT_FAIL -->
</div>
</body></html>

#4 Updated by Kris Phillips 19 days ago

Status page with squidGuard disabled:

Squid Object Cache: Version 4.13
Build Info:
Service Name: squid
Start Time: Sat, 24 Apr 2021 23:03:22 GMT
Current Time: Sat, 24 Apr 2021 23:13:32 GMT
Connection information for squid:
Number of clients accessing cache: 1
Number of HTTP requests received: 10
Number of ICP messages received: 0
Number of ICP messages sent: 0
Number of queued ICP replies: 0
Number of HTCP messages received: 0
Number of HTCP messages sent: 0
Request failure ratio: 0.00
Average HTTP requests per minute since start: 1.0
Average ICP messages per minute since start: 0.0
Select loop called: 1547 times, 394.479 ms avg
Cache information for squid:
Hits as % of all requests: 5min: 0.0%, 60min: 0.0%
Hits as % of bytes sent: 5min: 100.0%, 60min: 100.0%
Memory hits as % of hit requests: 5min: 0.0%, 60min: 0.0%
Disk hits as % of hit requests: 5min: 0.0%, 60min: 0.0%
Storage Swap size: 0 KB
Storage Swap capacity: 0.0% used, 100.0% free
Storage Mem size: 216 KB
Storage Mem capacity: 0.3% used, 99.7% free
Mean Object Size: 0.00 KB
Requests given to unlinkd: 0
Median Service Times (seconds) 5 min 60 min:
HTTP Requests (All): 0.00091 0.00091
Cache Misses: 0.00091 0.00091
Cache Hits: 0.00000 0.00000
Near Hits: 0.00000 0.00000
Not-Modified Replies: 0.00000 0.00000
DNS Lookups: 0.00000 0.00000
ICP Queries: 0.00000 0.00000
Resource usage for squid:
UP Time: 610.259 seconds
CPU Time: 0.243 seconds
CPU Usage: 0.04%
CPU Usage, 5 minute avg: 0.01%
CPU Usage, 60 minute avg: 0.04%
Maximum Resident Size: 94704 KB
Page faults with physical i/o: 0
Memory accounted for:
Total accounted: 865 KB
memPoolAlloc calls: 38270
memPoolFree calls: 38436
File descriptor usage for squid:
Maximum number of file descriptors: 12969
Largest file desc currently in use: 21
Number of file desc currently in use: 9
Files queued for open: 0
Available number of file descriptors: 12960
Reserved number of file descriptors: 100
Store Disk files open: 0
Internal Data Structures:
52 StoreEntries
52 StoreEntries with MemObjects
0 Hot Object Cache Items
0 on-disk objects

#5 Updated by Kris Phillips 19 days ago

Based on the error messages, it would seem it's something with TLS negotiation, which is odd since it works fine without squidGuard enabled.

#6 Updated by Viktor Gurov 12 days ago

  • Category changed from Squid to squidguard
  • Affected Version deleted (2.5.0)

#7 Updated by Jim Pingle 10 days ago

  • Status changed from New to Pull Request Review
  • Assignee set to Viktor Gurov

Also available in: Atom PDF