Netgate SG-1000 microFirewall

Author Topic: speedtest.net (HTML5 version) doesn't work via squid.  (Read 410 times)

0 Members and 1 Guest are viewing this topic.

Offline JamesVA

  • Newbie
  • *
  • Posts: 21
  • Karma: +1/-0
    • View Profile
speedtest.net (HTML5 version) doesn't work via squid.
« on: December 09, 2017, 10:23:44 pm »
Greetings, i've set up squid with HTTP/HTTPS inspection via CA certs.  Pretty standard setup.  All works as expected.

The only issue is when I go to speedtest.net I get the error saying that I have an AdBlocker that needs to be configured (see attached image).  This only happens if I try to use their HTML5 test.  If I use the "Legacy" Adobe Flash test, it works just fine.

/var/squid/logs/access_log shows the following denials:
Code: [Select]
1512875812.130      0 10.0.100.161 TCP_DENIED/200 0 CONNECT 127.0.0.1:59243 - HIER_NONE/- -
1512875815.335      0 10.0.100.161 TCP_DENIED/200 0 CONNECT stl.speedtest.sbcglobal.net:8080 - HIER_NONE/- -
1512875815.403      0 10.0.100.161 TCP_DENIED/200 0 CONNECT speed.elitesystemsllc.com:8080 - HIER_NONE/- -
1512875815.479      0 10.0.100.161 TCP_DENIED/200 0 CONNECT spt01olvemo.stls.mo.charter.com:8080 - HIER_NONE/- -
1512875815.699      0 10.0.100.161 TCP_DENIED/200 0 CONNECT speedtest.hcsonline.net:8080 - HIER_NONE/- -
1512875815.852      0 10.0.100.161 TCP_DENIED/200 0 CONNECT sp1.bays-et.net:8080 - HIER_NONE/- -
1512875817.532      0 10.0.100.161 TCP_DENIED/200 0 CONNECT 69.71.0.90:80 - HIER_NONE/- -
1512875818.255      0 10.0.100.161 TCP_DENIED/200 0 CONNECT 66.71.248.163:80 - HIER_NONE/- -
1512875819.901      0 10.0.100.161 TCP_DENIED/200 0 CONNECT 104.200.153.211:80 - HIER_NONE/- -
1512875820.170      0 10.0.100.161 TCP_DENIED/200 0 CONNECT 174.127.82.212:80 - HIER_NONE/- -
1512875821.276      0 10.0.100.161 TCP_DENIED/200 0 CONNECT 216.8.137.219:80 - HIER_NONE/- -


I've tried adding these domains into the whitelist under ACLs, but that hasn't changed anything.

Anything else I can try?

Thanks for any suggestions!


Offline Impatient

  • Jr. Member
  • **
  • Posts: 31
  • Karma: +1/-0
    • View Profile
Re: speedtest.net (HTML5 version) doesn't work via squid.
« Reply #1 on: December 10, 2017, 02:37:14 am »
Do you have pfBlockerNG installed also?


Offline JamesVA

  • Newbie
  • *
  • Posts: 21
  • Karma: +1/-0
    • View Profile
Re: speedtest.net (HTML5 version) doesn't work via squid.
« Reply #2 on: December 12, 2017, 11:47:18 pm »
I do, but it's not enabled.

Offline Impatient

  • Jr. Member
  • **
  • Posts: 31
  • Karma: +1/-0
    • View Profile
Re: speedtest.net (HTML5 version) doesn't work via squid.
« Reply #3 on: December 13, 2017, 02:53:14 pm »
I do, but it's not enabled.


The DNSBL portion also?

I run squid also with MITM Non-Transparent and Certificates with proxy configured in Edge browser and if I disable pfBlocker and
the DNSBL portion I can run the HTML5 speed test's.

On the Cert's tab in Squid I run Intermediate instead of Modern and also Do not verify remote Certificate's due
to a problem's with my wife's work-site.