This page is READ-ONLY. It is generated from the old site.
All timestamps are relative to 2013 (when this page is generated).
If you are looking for TeX support, please go to

squidGuard tricks firefox and squid 2.7

a strange issue
Added by about 3 years ago  »  Votes: 1/1

I have a local caching proxy that uses Squid 2.7. I also use squidGuard to block and because I don't want Google to track my activities.

The problem was that I couldn't access to Using Firefox's tool, I found that when Firefox loaded, it waited for the file until the session's expired. Please note that the accessing to non-secure file ( was normal.


I used curl to get the following verbose information

$ curl -v --proxy localhost:3128

* About to connect() to proxy localhost port 3128 (#0)
*   Trying connected
* Connected to localhost ( port 3128 (#0)
* Establish HTTP proxy tunnel to
> Host:
> User-Agent: curl/7.19.7
> Proxy-Connection: Keep-Alive
< HTTP/1.0 504 Gateway Time-out
< Server: squid
< Date: Sat, 13 Mar 2010 10:27:24 GMT
< Content-Type: text/html
< Content-Length: 1112
< X-Squid-Error: ERR_DNS_FAIL 0
* Received HTTP code 504 from proxy after CONNECT
* Closing connection #0
curl: (56) Received HTTP code 504 from proxy after CONNECT

As reported, this was a DNS problem. This was so strange as my dns resolver works well and it can resolve within 1 seconds. I tried to modify dns settings in squid.conf but I still got the same problem.

I used a special log_format in Squid setting and found that Squid was tricked: - - [13/Mar/2010:17:29:44 +0700] "( CONNECT localhost:443 HTTP/1.1" 200 3954 TCP_MISS:DIRECT - - [13/Mar/2010:17:29:54 +0700] "(-) CONNECT HTTP/1.1" 404 0 TCP_MISS:DIRECT
                                      squid was tricked

The first line shows that Squid connected successfully to my site https://localhost/ (IP:, and the second line shows that was mapped to an undefined address. Because - isn't an valid IP address, Squid failed to fetch contents. And Firefox was tricked too.

I don't know much how SquidGuard and squid work together, but I think that squidGuard fed squid with a very bad stuff :P. I also think that there's a problem with Firefox (the buggy 3.5.7). I mean it would have understood the proxy error's code.

Firefox ----> squid --> squidGuard --> bad IP address ---->\
  \                                                         |
   \<--- squid returns ERR_DNS_FAIL <-- squid dnscache <---/

How to solve this problem? I just removed google-analytics from squidGuard setting and changed my DNS resolver so that was mapped to :))