I have been using squid since the beginning of time (1999) and this is the first show stopper I have run into, nice work!!
Over the weekend we changed ISPs. The only thing changed on the network was the physical ISP router the firewall was connected to, the firewall was given a new IP on its external interface (ACLs remained the same), the DMZ and internal hosts/network had no changes, excluding DNS changes on the external DNS server, which does not service internal queries. Both the old and new Internet solution came to us over multi T1s (using OSPF to load share).
We tested over the weekend, everything seemed fine. From external sites we could hit all of our DMZ services, from internally we could send mail, everything else worked as expected also. I assumed because we could load external web sites, all was well and time to go home. Today, Monday, when I came into work there were several emails about sites not loading. The common thing among these sites was they seemed to want to POST something. For example, you cannot log onto webmail servers using squirrelmail at all, gmail allows you to log on but not send mail, yahoo mail is broken in the same way, and many other sites will not load if they have forms or similar.
If I remove the proxy config from my browser, go direct to the site, things work. Any idea? Attached is a tar.gz of the squid logs. The production squid server is 2.5.STABLE8, and I just set up and tested 2.5.STABLE13 on another server, same results. The logs are from the new proxy setup. Below is a part of the debug log where it looks as if things might start to go south (this is after restarting squid in debug mode: squid -k debug):
All the below has the same time stamp: 2006/04/10 13:08:06

comm_poll: FD 15 ready for writing
commHandleWrite: FD 15: off 0, sz 87.
commHandleWrite: write() returns 87
cbdataValid: 0x84d3340
httpSendRequestEntry: FD 15: size 87: errflag 0.
httpSendRequestEntryDone: FD 15
httpSendRequestEntryDone: No brokenPosts list
httpSendComplete: FD 15: size 0: errflag 0.
commSetTimeout: FD 15 timeout 900
cbdataUnlock: 0x84d3340
comm_poll: 1+0 FDs ready
comm_poll: FD 15 ready for reading
httpReadReply: FD 15: len -1.
httpReadReply: FD 15: read failure: (104) Connection reset by peer.
fwdFail: ERR_READ_ERROR "Bad Gateway" http://notes.fqdn.com/src/redirect.php
comm_close: FD 15
commCallCloseHandlers: FD 15
commCallCloseHandlers: ch->handler=0x807e350
cbdataValid: 0x84d3340
storeUnlockObject: key 'BA8D1FD8AECCBFEFC149B8D63E0D93C6' count=2
cbdataFree: 0x84d3340
cbdataFree: 0x84d3340 has 1 locks, not freeing
cbdataUnlock: 0x84d3340
cbdataUnlock: Freeing 0x84d3340
commCallCloseHandlers: ch->handler=0x8071a30
cbdataValid: 0x84d28e0
fwdServerClosed: FD 15 http://notes.fqdn.com/src/redirect.php
fwdStateFree: 0x84d28e0
storeLockObject: key 'BA8D1FD8AECCBFEFC149B8D63E0D93C6' count=3
creating rep: 0x84d7190
init-ing hdr: 0x84d71d0 owner: 2
0x84d71d0 lookup for 38
0x84d71d0 lookup for 9
0x84d71d0 lookup for 22
errorConvert: %U --> 'http://notes.fqdn.com/src/redirect.php'
errorConvert: %U --> 'http://notes.fqdn.com/src/redirect.php'
errorConvert: %E --> '(104) Connection reset by peer'
errorConvert: %w --> '5555@xxxxxxx'
errorConvert: %w --> '5555@xxxxxxx'
errorConvert: %T --> 'Mon, 10 Apr 2006 17:08:06 GMT'
errorConvert: %h --> 'new0.dkp.com'
errorConvert: %s --> 'squid/2.5.STABLE13'
errorConvert: %S --> ' <BR clear="all"> <HR noshade size="1px"> <ADDRESS> Generated Mon, 10 Apr 2006 17:08:06 GMT by new0.dkp.com (squid/2.5.STABLE13) </ADDRESS> </BODY></HTML> '
Attachment:
logs-squid.tar.gz
Description: application/gunzip