Hi all. I'm not an expert of Squid and I already tried googling for a solution. I'm facing troubles with Squid (currently using 3.0PRE5 on Debian etch, but already tried 2.6 branch) surfing on https sites (webmail and internet banking in particular). Surfing on those sites, ssl connections seems really slow. The browser freeze rendering the page, which appear white but with the correct sitename on the titlebar, or it doesn't render the page at all. The strange behavior happens *only* with Internet Explorer (6th release, don't know with the 7th). Firefox and Opera works well. I really don't know what to look for, because this is my first real world installation for a hundreds-user environment. I attach my configuration (sorry for the long post), hoping in your help or suggestions. ==================================== http_port 3128 icp_port 0 htcp_port 0 acl static_content urlpath_regex -i \.(jpg|gif|png|ico|css|js|doc|pdf|mp3)$ no_cache allow static_content acl post_requests method POST no_cache deny post_requests #acl gmail urlpath_regex mail\.google\.com #always_direct allow gmail #acl trenitalia urlpath_regex bankpass\.ssb\.it*trenitalia #always_direct allow trenitalia hierarchy_stoplist cgi-bin ? acl DENY urlpath_regex cgi-bin \? no_cache deny DENY cache_mem 128 MB cache_swap_low 90 cache_swap_high 95 maximum_object_size 4096 KB maximum_object_size_in_memory 12 KB ipcache_size 512 ipcache_low 90 ipcache_high 95 fqdncache_size 512 cache_replacement_policy lru memory_replacement_policy lru cache_dir aufs /cache/cache1 1024 16 256 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 quick_abort_min 32 KB quick_abort_max 128 KB quick_abort_pct 93 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl SSL_ports port 4343 acl Safe_ports port 21 # ftp acl Safe_ports port 80 # http acl Safe_ports port 443 # https acl CONNECT method CONNECT acl purge method PURGE acl snmp_get snmp_community proxystat acl MyNetworks src 172.28.0.0/16 http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow MyNetworks http_access allow localhost http_access deny all http_reply_access allow all snmp_port 3401 snmp_access allow snmp_get localhost snmp_access deny all client_db on client_netmask 255.255.255.255 forwarded_for on # cache_access_log /var/log/squid3/access.log # cache_log /var/log/squid3/cache.log cache_store_log none emulate_httpd_log off # mime_table /etc/squid/mime.conf # pid_filename /var/run/squid.pid # debug_options ALL,1 # negative_ttl 5 minutes # range_offset_limit 0 KB cache_mgr root@localhost logfile_rotate 4 relaxed_header_parser warn buffered_logs on dns_nameservers 151.99.0.100 offline_mode off coredump_dir /var/spool/squid3 half_closed_clients off client_persistent_connections off # pipeline_prefetch off ie_refresh on ==================================== -- Michele
