Squid not working as expected.

Hi.
I installed the squid proxy server on my tumbleweed test PC and it’s not working as expected. It just doesn’t seem to do anything. For the sake of testing I have disabled the PC’s firewall as well.

squid:/etc/squid # cat /etc/os-release 
NAME="openSUSE Tumbleweed"
# VERSION="20220101"
ID="opensuse-tumbleweed"
ID_LIKE="opensuse suse"
VERSION_ID="20220101"
PRETTY_NAME="openSUSE Tumbleweed"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:tumbleweed:20220101"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
DOCUMENTATION_URL="https://en.opensuse.org/Portal:Tumbleweed"
LOGO="distributor-logo-Tumbleweed"

This is my squid.conf -

squid:/etc/squid # cat squid.conf
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 0.0.0.1-0.255.255.255    # RFC 1122 "this" network (LAN)
#acl localnet src 10.0.0.0/8        # RFC 1918 local private network (LAN)
#acl localnet src 100.64.0.0/10        # RFC 6598 shared address space (CGN)
#acl localnet src 169.254.0.0/16     # RFC 3927 link-local (directly plugged) machines
#acl localnet src 172.16.0.0/12        # RFC 1918 local private network (LAN)
#acl localnet src 192.168.0.0/16        # RFC 1918 local private network (LAN)
#acl localnet src fc00::/7           # RFC 4193 local private network range
#acl localnet src fe80::/10          # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

acl localnet src 10.0.0.0/8 

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320

The journalctl doesn;t show me anything informative -

squid:/etc/squid # journalctl -fu squid
-- Journal begins at Fri 2021-12-31 14:07:44 AWST. --
Jan 06 08:01:10 squid squid[1365]: Squid Parent: will start 1 kids
Jan 06 08:01:10 squid squid[1365]: Squid Parent: (squid-1) process 1375 started
Jan 06 08:08:12 squid systemd[1]: Stopping Squid caching proxy...
Jan 06 08:08:43 squid squid[1365]: Squid Parent: squid-1 process 1375 exited with status 0
Jan 06 08:08:43 squid systemd[1]: squid.service: Deactivated successfully.
Jan 06 08:08:43 squid systemd[1]: Stopped Squid caching proxy.
Jan 06 08:08:43 squid systemd[1]: Starting Squid caching proxy...
Jan 06 08:08:43 squid squid[3135]: Squid Parent: will start 1 kids
Jan 06 08:08:43 squid squid[3135]: Squid Parent: (squid-1) process 3137 started
Jan 06 08:08:43 squid systemd[1]: Started Squid caching proxy.
Jan 06 08:28:01 squid systemd[1]: Stopping Squid caching proxy...
Jan 06 08:28:32 squid squid[3135]: Squid Parent: squid-1 process 3137 exited with status 0
Jan 06 08:28:32 squid systemd[1]: squid.service: Deactivated successfully.
Jan 06 08:28:32 squid systemd[1]: Stopped Squid caching proxy.
Jan 06 08:28:32 squid systemd[1]: Starting Squid caching proxy...
Jan 06 08:28:32 squid squid[3767]: Squid Parent: will start 1 kids
Jan 06 08:28:32 squid squid[3767]: Squid Parent: (squid-1) process 3769 started
Jan 06 08:28:32 squid systemd[1]: Started Squid caching proxy.

If I run the test script from the docs page I get an internal server error which I’m not sure how to resolve -

squid:/etc/squid # squidclient http://www.example.org
HTTP/1.1 500 Internal Server Error
Server: squid/5.3
Mime-Version: 1.0
Date: Thu, 06 Jan 2022 00:22:50 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3817
X-Squid-Error: ERR_CANNOT_FORWARD 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from squid
X-Cache-Lookup: MISS from squid:3128
Via: 1.1 squid (squid/5.3)
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2021 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!-- 
 /*
 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/*
 Stylesheet for Squid Error pages
 Adapted from design by Free CSS Templates
 http://www.freecsstemplates.org
 Released for free under a Creative Commons Attribution 2.5 License
*/

/* Page basics */
* {
    font-family: verdana, sans-serif;
}

html body {
    margin: 0;
    padding: 0;
    background: #efefef;
    font-size: 12px;
    color: #1e1e1e;
}

/* Page displayed title area */
#titles {
    margin-left: 15px;
    padding: 10px;
    padding-left: 100px;
    background: url('/squid-internal-static/icons/SN.png') no-repeat left;
}

/* initial title */
#titles h1 {
    color: #000000;
}
#titles h2 {
    color: #000000;
}

/* special event: FTP success page titles */
#titles ftpsuccess {
    background-color:#00ff00;
    width:100%;
}

/* Page displayed body content area */
#content {
    padding: 10px;
    background: #ffffff;
}

/* General text */
p {
}

/* error brief description */
#error p {
}

/* some data which may have caused the problem */
#data {
}

/* the error message received from the system or other software */
#sysmsg {
}

pre {
}

/* special event: FTP / Gopher directory listing */
#dirmsg {
    font-family: courier, monospace;
    color: black;
    font-size: 10pt;
}
#dirlisting {
    margin-left: 2%;
    margin-right: 2%;
}
#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
    border-bottom: groove;
}
#dirlisting td.size {
    width: 50px;
    text-align: right;
    padding-right: 5px;
}

/* horizontal lines */
hr {
    margin: 0;
}

/* page displayed footer area */
#footer {
    font-size: 9px;
    padding-left: 10px;
}


body
:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
:lang(he) { direction: rtl; }
 --></style>
</head><body id=ERR_CANNOT_FORWARD>
<div id="titles">
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
</div>
<hr>

<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a href="http://www.example.org/">http://www.example.org/</a></p>

<blockquote id="error">
<p><b>Unable to forward this request at this time.</b></p>
</blockquote>

<p>This request could not be forwarded to the origin server or to any parent caches.</p>

<p>Some possible problems are:</p>
<ul>
<li id="network-down">An Internet connection needed to access this domains origin servers may be down.</li>
<li id="no-peer">All configured parent caches may be currently unreachable.</li>
<li id="permission-denied">The administrator may not allow this cache to make direct connections to origin servers.</li>
</ul>

<p>Your cache administrator is <a href="mailto:webmaster?subject=CacheErrorInfo%20-%20ERR_CANNOT_FORWARD&body=CacheHost%3A%20squid%0D%0AErrPage%3A%20ERR_CANNOT_FORWARD%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Thu,%2006%20Jan%202022%2000%3A22%3A50%20GMT%0D%0A%0D%0AClientIP%3A%20%3A%3A1%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2F%20HTTP%2F1.0%0AUser-Agent%3A%20squidclient%2F5.3%0D%0AAccept%3A%20*%2F*%0D%0AConnection%3A%20close%0D%0AHost%3A%20www.example.org%0D%0A%0D%0A%0D%0A">webmaster</a>.</p>

<br>
</div>

<hr>
<div id="footer">
<p>Generated Thu, 06 Jan 2022 00:22:50 GMT by squid (squid/5.3)</p>
<!-- ERR_CANNOT_FORWARD -->
</div>
</body></html>
squid:/etc/squid # 

I tried accessing the squid in my browser and got this result pictured SUSE Paste.

Another odd thing I found that if I access the squid confif via yast2-squid I see a message that the squid firewall service is not available SUSE Paste . Is this an issue because if I check the firewalld (remember the firewall is disabled during these tests) I see the squid service -

squid:/etc/squid # firewall-cmd --list-services 
dhcpv6-client nfs nfs3 squid ssh tigervnc tigervnc-https
squid:/etc/squid # 

I repeated my installation in a KVM/QEMU VM and get the same dud result. I’m assuming there is somethng subtly wrong with my squid.conf but for the life of me I spent 3 days trying to fix it.

What have I done wrong in trying to get squid to work?
Thanks.

I tried accessing the squid in my browser and got this result pictured SUSE Paste.

What you get here is what you should expect - you can’t really connect to squid directly like this and not get an error message, so that behavior is as expected.

What is the local network address range? I saw that you hadn’t uncommented anything in the local address ranges at the top, but it looks like you’ve added a 10.x.x.x network as the local network (but would like to confirm that).

It’s been a while since I configured squid, so it’s possible I might be not thinking of something else - I’ve got it configured on my router as well as in an AWS instance, so I can compare a bit and see if there’s something obvious.

HI, yes I commented out all rules but added the 10.0.0.0/8 network where it said to.

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

acl localnet src 10.0.0.0/8 

# Example rule allowing access from your local networks.

I made a lot of progress last night - this example from the opensuse squid manual Squid caching proxy server | Reference | openSUSE Leap 15.5

**Example 26.1: A request with squidclient [Report Documentation Bug](https://bugzilla.opensuse.org/enter_bug.cgi?&product=openSUSE%20Distribution&component=Documentation&short_desc=%5Bdoc%5D%20Example%26nbsp%3B26.1%3A%20%20A%20request%20with%20%3Ccode%20class%3D%22command%22%3Esquidclient%3C%2Fcode%3E%20&comment=Example%26nbsp%3B26.1%3A%20%20A%20request%20with%20%3Ccode%20class%3D%22command%22%3Esquidclient%3C%2Fcode%3E%20%3A%0A%0Ahttps%3A%2F%2Fdoc.opensuse.org%2Fdocumentation%2Fleap%2Freference%2Fhtml%2Fbook-reference%2Fcha-squid.html%23ex-squidclient-request&assigned_to=fs%40suse.com&version=Leap%2015.3) #](https://doc.opensuse.org/documentation/leap/reference/html/book-reference/cha-squid.html#ex-squidclient-request)**


squidclient http://www.example.org
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/html
Date: Fri, 22 Jun 2016 12:00:00 GMT
Expires: Fri, 29 Jun 2016 12:00:00 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Server: ECS (iad/182A)
Vary: Accept-Encoding
X-Cache: HIT
x-ec-custom-error: 1
Content-Length: 1270
X-Cache: MISS from moonX-Cache-Lookup: MISS from moon:3128
Via: 1.1 moon (squid/3.5.16)Connection: close

seems to be BS. It returns

squid:/etc/squid # squidclient http://www.example.org
HTTP/1.1 500 Internal Server Error
Server: squid/5.3
Mime-Version: 1.0
Date: Thu, 06 Jan 2022 00:22:50 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3817
X-Squid-Error: ERR_CANNOT_FORWARD 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from squid
X-Cache-Lookup: MISS from squid:3128
Via: 1.1 squid (squid/5.3)
Connection: close

But if I use any other url it works -

squid:~ # squidclient https://www.google.com
HTTP/1.1 200 OK
Date: Fri, 07 Jan 2022 00:39:47 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2022-01-07-00; expires=Sun, 06-Feb-2022 00:39:47 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=tvQi3AQ7493HFRyDWk-Or_fGJlcAqOWizh3E2sNVCCPCRh5vmBfuQhpf4GJFRw9CNScVFnpmSy4CG1wNzL8iu7kFBpPosczNWKzVj5gtRT2zSoKgGshFv4emtN7rr6KdUMf8Vxr2V2lqtYGmgVZfihSmoLvwqXR2aW2rtt0vKB4; expires=Sat, 09-Jul-2022 00:39:47 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
X-Cache: MISS from squid
X-Cache-Lookup: MISS from squid:3128
Via: 1.1 squid (squid/5.3)
Connection: close

Keeping the firewall disabled I can get some sense with squid now. I successfully cached a youtube video and watched via the network monitor iftop
that it played from the cache when I set the proxy in firefox.

Now I need to get it working with the firewall active but that yast2-squid issue is making me suspicious SUSE Paste

More testing…

Can you access “bad” URL from computer with squid directly using curl or browser?

In firefox on the squid server I can access www.google.com but not www.example.org. Same result with curl -

Curl ‘bad url’

squid:~ # curl http://www.example.org
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2021 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!-- 
 /*
 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/*
 Stylesheet for Squid Error pages
 Adapted from design by Free CSS Templates
 http://www.freecsstemplates.org
 Released for free under a Creative Commons Attribution 2.5 License
*/

/* Page basics */
* {
    font-family: verdana, sans-serif;
}

html body {
    margin: 0;
    padding: 0;
    background: #efefef;
    font-size: 12px;
    color: #1e1e1e;
}

/* Page displayed title area */
#titles {
    margin-left: 15px;
    padding: 10px;
    padding-left: 100px;
    background: url('/squid-internal-static/icons/SN.png') no-repeat left;
}

/* initial title */
#titles h1 {
    color: #000000;
}
#titles h2 {
    color: #000000;
}

/* special event: FTP success page titles */
#titles ftpsuccess {
    background-color:#00ff00;
    width:100%;
}

/* Page displayed body content area */
#content {
    padding: 10px;
    background: #ffffff;
}

/* General text */
p {
}

/* error brief description */
#error p {
}

/* some data which may have caused the problem */
#data {
}

/* the error message received from the system or other software */
#sysmsg {
}

pre {
}

/* special event: FTP / Gopher directory listing */
#dirmsg {
    font-family: courier, monospace;
    color: black;
    font-size: 10pt;
}
#dirlisting {
    margin-left: 2%;
    margin-right: 2%;
}
#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
    border-bottom: groove;
}
#dirlisting td.size {
    width: 50px;
    text-align: right;
    padding-right: 5px;
}

/* horizontal lines */
hr {
    margin: 0;
}

/* page displayed footer area */
#footer {
    font-size: 9px;
    padding-left: 10px;
}


body
:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
:lang(he) { direction: rtl; }
 --></style>
</head><body id=ERR_CANNOT_FORWARD>
<div id="titles">
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
</div>
<hr>

<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a href="http://www.example.org/">http://www.example.org/</a></p>

<blockquote id="error">
<p><b>Unable to forward this request at this time.</b></p>
</blockquote>

<p>This request could not be forwarded to the origin server or to any parent caches.</p>

<p>Some possible problems are:</p>
<ul>
<li id="network-down">An Internet connection needed to access this domains origin servers may be down.</li>
<li id="no-peer">All configured parent caches may be currently unreachable.</li>
<li id="permission-denied">The administrator may not allow this cache to make direct connections to origin servers.</li>
</ul>

<p>Your cache administrator is <a href="mailto:webmaster?subject=CacheErrorInfo%20-%20ERR_CANNOT_FORWARD&body=CacheHost%3A%20squid%0D%0AErrPage%3A%20ERR_CANNOT_FORWARD%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Fri,%2007%20Jan%202022%2010%3A14%3A05%20GMT%0D%0A%0D%0AClientIP%3A%20127.0.0.1%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2F%20HTTP%2F1.1%0AUser-Agent%3A%20curl%2F7.80.0%0D%0AAccept%3A%20*%2F*%0D%0AProxy-Connection%3A%20Keep-Alive%0D%0AHost%3A%20www.example.org%0D%0A%0D%0A%0D%0A">webmaster</a>.</p>

<br>
</div>

<hr>
<div id="footer">
<p>Generated Fri, 07 Jan 2022 10:14:05 GMT by squid (squid/5.3)</p>
<!-- ERR_CANNOT_FORWARD -->
</div>
</body></html>

Curl google url

squid:~ # curl https://www.google.com
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-AU"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="0yMneDS9+TiOi5JVVm7E8g==">(function(){window.google={kEI:'qhLYYb-DGqSMr7wPr8yBeA',kEXPI:'0,1302536,56873,6058,207,4804,2316,383,246,5,1354,4013,1238,1122515,1197710,380780,16115,28684,17572,4859,1361,9291,3027,17581,4020,978,13228,3847,4192,6430,7432,7331,7061,917,5081,1593,1279,2212,241,289,149,1103,840,2197,4100,109,3405,606,2023,2297,14670,3227,2845,7,5599,6755,5096,11625,4143,554,906,2,941,2614,13142,3,576,1014,1,5444,149,11323,991,1661,4,1528,2304,7113,4610,15625,4764,2658,7356,31,11413,2215,2305,2132,14995,4312,3309,2527,4094,3138,6,908,3,3541,1,16525,282,38,874,5992,14660,3783,2,3035,9864,1123,1931,784,255,2870,408,2016,5852,3695,6768,1160,4192,1487,1020,1688,690,2721,8595,9666,2,6,1,4919,2834,2124,2444,2578,3132,546,6726,11905,4790,1252,4606,2,6,1,244,7062,5174,2569,1138,2915,958,460,2770,1616,495,82,1127,117,1722,2,2,1,1196,1,210,2042,3728,4044,1277,1933,736,1152,216,2,784,3058,66,2,628,3,368,873,168,891,6,2,566,186,257,233,1065,2,698,239,320,357,2,367,955,43,1358,2853,1072,476,207,12,133,113,2180,286,41,2183,157,2,29,8,125,5,37,5,1033,378,616,192,120,1272,1047,494,17,3806,29,1235,5504926,3893,446,610,5996259,211,47,2800438,882,444,1,2,80,1,1796,1,9,2553,1,748,141,795,563,1,4265,1,1,2,1331,4142,2609,155,17,13,72,139,4,2,20,2,169,13,19,46,5,39,96,548,29,2,2,1,2,1,2,2,7,4,1,2,2,2,2,2,2,353,513,186,1,1,158,3,2,2,2,2,2,4,2,3,3,269,1601,141,66,4,53,4,9,64,4,23952776,2773820,1267532,338,3,2414,1491,9,1435,159,1358,963,165,2,3596,3,923,251,7,1282,199,2859,832858',kBL:'4JUY'};google.sn='webhp';google.kHL='en-AU';})();(function(){
.
.
.
(function(){google.jl={attn:false,blt:'none',chnk:0,dw:false,dwu:true,emtn:0,end:0,ine:false,lls:'default',pdt:0,rep:0,snet:true,strt:0,ubm:false,uwp:true};})();(function(){var pmc='{\x22d\x22:{},\x22sb_he\x22:{\x22agen\x22:true,\x22cgen\x22:true,\x22client\x22:\x22heirloom-hp\x22,\x22dh\x22:true,\x22dhqt\x22:true,\x22ds\x22:\x22\x22,\x22ffql\x22:\x22en\x22,\x22fl\x22:true,\x22host\x22:\x22google.com\x22,\x22isbh\x22:28,\x22jsonp\x22:true,\x22msgs\x22:{\x22cibl\x22:\x22Clear Search\x22,\x22dym\x22:\x22Did you mean:\x22,\x22lcky\x22:\x22I\\u0026#39;m Feeling Lucky\x22,\x22lml\x22:\x22Learn more\x22,\x22oskt\x22:\x22Input tools\x22,\x22psrc\x22:\x22This search was removed from your \\u003Ca href\x3d\\\x22/history\\\x22\\u003EWeb History\\u003C/a\\u003E\x22,\x22psrl\x22:\x22Remove\x22,\x22sbit\x22:\x22Search by image\x22,\x22srch\x22:\x22Google Search\x22},\x22ovr\x22:{},\x22pq\x22:\x22\x22,\x22refpd\x22:true,\x22rfs\x22:],\x22sbas\x22:\x220 3px 8px 0 rgba(0,0,0,0.2),0 0 0 1px rgba(0,0,0,0.08)\x22,\x22sbpl\x22:16,\x22sbpr\x22:16,\x22scd\x22:10,\x22stok\x22:\x22MHxyMYUjB0txARgshFuGN0eJIwU\x22,\x22uhde\x22:false}}';google.pmc=JSON.parse(pmc);})();</script>        </body></html>

So your problem has nothing to do with squid.

That makes sense.

I did a bit more reading in the opensuse squid docs Squid caching proxy server | Reference | openSUSE Leap 15.5 . For the hell of it I enabled the DNS server via yast with all default settings on the PC.

Squidclient, curl and firefox can now access example.org. I admit I don’t understand why at the moment and need to do a bit more reading.

squid:~ # squidclient https://www.example.org
HTTP/1.1 200 OK
Age: 587292
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Sat, 08 Jan 2022 00:50:27 GMT
ETag: "3147526947+ident"
Expires: Sat, 15 Jan 2022 00:50:27 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
Server: ECS (sab/57A7)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 1256
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.1 localhost (squid/5.3)
Connection: close

squid:~ # curl https://www.example.org
<!doctype html>
<html>
<head>
    <title>Example Domain</title>

    <meta charset="utf-8" />
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <style type="text/css">
    body {
        background-color: #f0f0f2;
        margin: 0;
        padding: 0;
        font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;
        
    }
    div {
        width: 600px;
        margin: 5em auto;
        padding: 2em;
        background-color: #fdfdff;
        border-radius: 0.5em;
        box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02);
    }
    a:link, a:visited {
        color: #38488f;
        text-decoration: none;
    }
    @media (max-width: 700px) {
        div {
            margin: 0 auto;
            width: auto;
        }
    }
    </style>    
</head>

<body>
<div>
    <h1>Example Domain</h1>
    <p>This domain is for use in illustrative examples in documents. You may use this
    domain in literature without prior coordination or asking for permission.</p>
    <p><a href="https://www.iana.org/domains/example">More information...</a></p>
</div>
</body>
</html>

It’s likely that Squid does DNS resolution on behalf of the client, and not having DNS configured on the server might have caused the issue - in any event, it looks like things are working now, which is great. Apologies for not following up sooner - I missed that you’d replied.