Squid unexpectedly stopped working with my home internet connection. I created a temporary user:
cd /etc/squid/
sudo htpasswd -B squid-password temp
sudo service squid reload
and tried the following command
curl -v -x https://developernote.com:3129 --proxy-user temp:<password> -I https://api.ipify.org/
with another internet provider and it succeeded.
But from my home machine it hangs up with the following output:
* Trying 172.236.29.157:3129...
* Connected to (nil) (172.236.29.157) port 3129 (#0)
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Proxy certificate:
* subject: CN=developernote.com
* start date: Apr 17 19:59:30 2025 GMT
* expire date: Jul 16 19:59:29 2025 GMT
* subjectAltName: host "(nil)" matched cert's "developernote.com"
* issuer: C=US; O=Let's Encrypt; CN=E5
* SSL certificate verify ok.
* allocate connect buffer!
* Establish HTTP proxy tunnel to api.ipify.org:443
* Proxy auth using Basic with user 'temp'
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> CONNECT api.ipify.org:443 HTTP/1.1
> Host: api.ipify.org:443
> Proxy-Authorization: Basic dGVtcDpVaG9vdzFvaGNoMEY=
> User-Agent: curl/7.81.0
> Proxy-Connection: Keep-Alive
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/1.1 200 Connection established
HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
^C
and I can see the following in its logs:
sudo tail /var/log/squid/access.log
1745578447.885 132 172.236.29.157 TCP_TUNNEL/200 3779 CONNECT api.ipify.org:443 temp HIER_DIRECT/172.67.74.152 -
1745578831.222 15363 91.122.37.167 TCP_TUNNEL/200 39 CONNECT api.ipify.org:443 temp HIER_DIRECT/104.26.12.205 -
1745578842.191 15003 91.122.37.167 TCP_TUNNEL/200 39 CONNECT api.ipify.org:443 temp HIER_DIRECT/104.26.12.205 -
while the normal output is the following:
* Host developernote.com:3129 was resolved.
* IPv6: (none)
* IPv4: 172.236.29.157
* Trying 172.236.29.157:3129...
* Connected to developernote.com (172.236.29.157) port 3129
* ALPN: curl offers http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
* ALPN: server did not agree on a protocol. Uses default.
* Proxy certificate:
* subject: CN=developernote.com
* start date: Apr 17 19:59:30 2025 GMT
* expire date: Jul 16 19:59:29 2025 GMT
* subjectAltName: host "developernote.com" matched cert's "developernote.com"
* issuer: C=US; O=Let's Encrypt; CN=E5
* SSL certificate verify ok.
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* CONNECT tunnel: HTTP/1.1 negotiated
* allocate connect buffer
* Proxy auth using Basic with user 'temp'
* Establish HTTP proxy tunnel to api.ipify.org:443
> CONNECT api.ipify.org:443 HTTP/1.1
> Host: api.ipify.org:443
> Proxy-Authorization: Basic dGVtcDpMaWEwQVZvOWl0aGk=
> User-Agent: curl/8.5.0
> Proxy-Connection: Keep-Alive
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/1.1 200 Connection established
HTTP/1.1 200 Connection established
<
* CONNECT phase completed
* CONNECT tunnel established, response 200
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
* subject: CN=ipify.org
* start date: Mar 11 14:08:25 2025 GMT
* expire date: Jun 9 15:08:19 2025 GMT
* subjectAltName: host "api.ipify.org" matched cert's "*.ipify.org"
* issuer: C=US; O=Google Trust Services; CN=WE1
* SSL certificate verify ok.
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
* Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://api.ipify.org/
* [HTTP/2] [1] [:method: HEAD]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: api.ipify.org]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
> HEAD / HTTP/2
> Host: api.ipify.org
> User-Agent: curl/8.5.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 520
HTTP/2 520
< date: Fri, 25 Apr 2025 11:16:12 GMT
date: Fri, 25 Apr 2025 11:16:12 GMT
< content-type: text/plain; charset=UTF-8
content-type: text/plain; charset=UTF-8
< content-length: 15
content-length: 15
< x-frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
< referrer-policy: same-origin
referrer-policy: same-origin
< cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< expires: Thu, 01 Jan 1970 00:00:01 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
< server: cloudflare
server: cloudflare
< cf-ray: 935d6d463900943d-LHR
cf-ray: 935d6d463900943d-LHR
< server-timing: cfL4;desc="?proto=TCP&rtt=7358&min_rtt=2185&rtt_var=10746&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3400&recv_bytes=780&delivery_rate=1325400&cwnd=253&unsent_bytes=0&cid=743886e81608dcff&ts=731&x=0"
server-timing: cfL4;desc="?proto=TCP&rtt=7358&min_rtt=2185&rtt_var=10746&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3400&recv_bytes=780&delivery_rate=1325400&cwnd=253&unsent_bytes=0&cid=743886e81608dcff&ts=731&x=0"
<
* Connection #0 to host developernote.com left intact
Maybe an hour later I started working again from my home machine and the output was the following:
* Trying 172.236.29.157:3129...
* Connected to (nil) (172.236.29.157) port 3129 (#0)
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Proxy certificate:
* subject: CN=developernote.com
* start date: Apr 17 19:59:30 2025 GMT
* expire date: Jul 16 19:59:29 2025 GMT
* subjectAltName: host "(nil)" matched cert's "developernote.com"
* issuer: C=US; O=Let's Encrypt; CN=E5
* SSL certificate verify ok.
* allocate connect buffer!
* Establish HTTP proxy tunnel to api.ipify.org:443
* Proxy auth using Basic with user 'temp'
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> CONNECT api.ipify.org:443 HTTP/1.1
> Host: api.ipify.org:443
> Proxy-Authorization: Basic dGVtcDpMaWEwQVZvOWl0aGk=
> User-Agent: curl/7.81.0
> Proxy-Connection: Keep-Alive
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=ipify.org
* start date: Mar 11 14:08:25 2025 GMT
* expire date: Jun 9 15:08:19 2025 GMT
* subjectAltName: host "api.ipify.org" matched cert's "*.ipify.org"
* issuer: C=US; O=Google Trust Services; CN=WE1
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x5589aaffc9f0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: api.ipify.org
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200
< date: Fri, 25 Apr 2025 12:21:41 GMT
< content-type: text/plain
< content-length: 14
< vary: Origin
< cf-cache-status: DYNAMIC
< server: cloudflare
< cf-ray: 935dcd356f9cef44-LHR
< server-timing: cfL4;desc="?proto=TCP&rtt=1244&min_rtt=1193&rtt_var=367&sent=5&recv=10&lost=0&retrans=0&sent_bytes=3378&recv_bytes=819&delivery_rate=2322373&cwnd=240&unsent_bytes=0&cid=fe094c1361ca7b1c&ts=138&x=0"
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host (nil) left intact
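An added example, not part of the original post: in the access.log excerpt above the hung attempts appear as TCP_TUNNEL/200 entries that lasted about 15 seconds yet delivered only 39 bytes, which is exactly the length of the `HTTP/1.1 200 Connection established` reply plus its blank line. The functions below flag such tunnels, assuming Squid's native log format and that the byte count includes the CONNECT reply; the function names and the one constructed 407 line are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# Squid native access.log fields:
#   $1 time  $2 elapsed_ms  $3 client  $4 code/status  $5 bytes
#   $6 method  $7 URL  $8 user  $9 hierarchy/peer  $10 type

# Length of "HTTP/1.1 200 Connection established\r\n\r\n" (assumed to be what
# Squid counts when nothing else is relayed to the client).
CONNECT_REPLY_BYTES=39

# stalled_tunnels [min_elapsed_ms]
# Reads access.log on stdin and prints "client user url elapsed_ms" for each
# CONNECT tunnel that stayed open at least min_elapsed_ms (default 10000)
# but sent the client nothing beyond the CONNECT reply.
stalled_tunnels() {
    awk -v min_ms="${1:-10000}" -v reply="$CONNECT_REPLY_BYTES" '
        $4 == "TCP_TUNNEL/200" && $6 == "CONNECT" &&
        $5 + 0 <= reply + 0 && $2 + 0 >= min_ms + 0 {
            print $3, $8, $7, $2
        }'
}

# stalled_by_client [min_elapsed_ms]
# Counts stalled tunnels per client address, to show whether the problem
# follows one network path.
stalled_by_client() {
    stalled_tunnels "$@" |
        awk '{ n[$1]++ } END { for (c in n) print c, n[c] }' | sort
}

# The three log lines from the post, plus one constructed 407 line
# (192.0.2.10 is a documentation address) that must not be flagged.
sample_log() {
    cat <<'EOF'
1745578447.885 132 172.236.29.157 TCP_TUNNEL/200 3779 CONNECT api.ipify.org:443 temp HIER_DIRECT/172.67.74.152 -
1745578831.222 15363 91.122.37.167 TCP_TUNNEL/200 39 CONNECT api.ipify.org:443 temp HIER_DIRECT/104.26.12.205 -
1745578842.191 15003 91.122.37.167 TCP_TUNNEL/200 39 CONNECT api.ipify.org:443 temp HIER_DIRECT/104.26.12.205 -
1745578900.000 0 192.0.2.10 TCP_DENIED/407 4100 CONNECT api.ipify.org:443 - HIER_NONE/- text/html
EOF
}

sample_log | stalled_by_client
```

On a live proxy the same check would be run as `sudo cat /var/log/squid/access.log | stalled_by_client`; a single client address dominating the result points at that client's network path rather than at Squid or the origin.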
Run Curl Commands Online
https://reqbin.com/curl
curl -x https://developernote.com:3129 --proxy-user temp:XXXXXXX -I https://api.ipify.org/