squid搭建翻墙代理被GFW RST连接
这年头不能FQ就等于被xxx给xxx变成NC了。 前几天用squid 缓存代理服务器搭建了一个代理,访问百度OK,但访问google,www.slideshare.net就失败。 于是从服务器上看了下日志: 1371014207.652 1 222.129.32.31 TCP_MISS/000 0 GET http://www.slideshare.net/plamere/music-recommendation-and-discovery - DIRECT/www.slideshare.net - 状态码为: TCP_MISS/000 。 含义为:
1, The client aborted request before SQUID could return any data 2, The website might be unavailable, due to DNS issue, network issue or an abnormal running web server.
第二点我都没有显示设置过,因此应该是第一点,抓包验证了一下,果然是被GCD把连接给RST了:
GET http://www.slideshare.net/plamere/music-recommendation-and-discovery HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive Host: www.slideshare.net
本地发送了GET请求,但被RST,因此squid 就记录错误码000了。 看来只能上SaSaH了
@levin
有道理,谢谢
博主,其实可以在client发出请求到server之前用stunnel https加密一下,squid设置支持https接收client请求就好。