Like http://wiki.squid-cache.org/SquidFaq/SquidAcl & http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0 for a start. Both load fine if I bypass Squid, but neither will load properly if I try and retrieve them via Squid. They'll take between 5 & 15 minutes to arrive and when they do, the content is usually partial and the layout decidedly wrong.

I've trawled through all the usual: ECN, TCP windows, OS-specific things and have set Wireshark loose on it. The network dumps just show Yahoo mail working fine for the initial logon and subsequent referrals, but as soon as it leaves the SSL session having verified the session authentication and tries to retrieve the actual mail front page (http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0 for example), it slows to a crawl. Other than the speed I can't see anything actually going wrong.

I also get this on a variety of other sites, especially www.guardian.co.uk and sometimes www.direct.gov.uk.

Any help would be much appreciated as I've got disgruntled students / tutors / staff and I'm very much in need of gruntling them again. If that's a word. If not, I'll settle for quietening them down.

Thanks,
Callum.

Stuff of note:

Browsers: IE 6.x & Firefox 2.0.X
Fedora Core 7. Kernel 2.6.23.15-80.fc7 on an i686 - Intel(R) Xeon - GNU/Linux.
squid-2.6.STABLE16-4.fc7 (Fc7 rpm).

Non-defaults from squid.conf:

http_port 10.3.0.1:3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \? showFolder asp
no_cache deny QUERY
cache_mem 512 MB
cache_swap_low 50
cache_swap_high 95
maximum_object_size 8192 KB
cache_dir ufs /var/spool/squid 10000 16 256
cache_dir ufs /var/spool/squid2 10000 16 256
cache_access_log /var/log/squid/access.log
debug_options ALL,3
dns_nameservers 10.3.0.1 10.3.0.2
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=quack,dc=org,dc=local" -D "cn=LDAP_guest,OU=ADMIN,DC=quack,DC=org,DC=local" -w "XXXXXX" -f sAMAccountName=%s -h 10.3.0.3
auth_param basic children 5
auth_param basic realm "Donkey Centre"
auth_param basic credentialsttl 5 minutes
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
external_acl_type InetUsersGroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=quack,dc=org,dc=local" -D "cn=LDAP_guest,OU=ADMIN,DC=quack,DC=org,DC=local" -w "XXXXXX" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=users,dc=quack,dc=org,dc=local))" -h 10.3.0.2
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 2083
acl localip src 10.0.0.0/8
acl PURGE method PURGE
acl apache src 10.0.0.0/8
acl localnet proxy_auth REQUIRED src 10.0.0.0/8
acl InetAccess external InetUsersGroup SquidUsers
acl CONNECT method CONNECT
http_access allow PURGE localhost
http_access allow manager localip
http_access allow manager apache
http_access allow InetAccess
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 10.0.0.0/8
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr postmaster@xxxxxxxxxxxxxxxxxxx
mail_from squid@xxxxxxxxxxxxxxxxxxx
visible_hostname gate.quack.ducks.com.etc
cachemgr_passwd XXXXXX all
coredump_dir /var/spool/squid
extension_methods REPORT MERGE MKACTIVITY CHECKOUT

Excerpt from cache.log following request for http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0:

2008/04/08 15:57:00| fwdConnectStart: http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0
2008/04/08 15:57:00| fwdConnectStart: got addr 0.0.0.0, tos 0
2008/04/08 15:57:00| fd_open FD 39 http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0
2008/04/08 15:57:00| cbdataLock: 0x8cdd798
2008/04/08 15:57:00| commSetTimeout: FD 39 timeout 60
2008/04/08 15:57:00| commConnectStart: FD 39, uk.mc260.mail.yahoo.com:80
2008/04/08 15:57:00| cbdataLock: 0x8cdd798
2008/04/08 15:57:00| cbdataLock: 0x8cdd7e8
2008/04/08 15:57:00| cbdataLock: 0x8cdd7e8
2008/04/08 15:57:00| cbdataValid: 0x8cdd7e8
2008/04/08 15:57:00| ipcacheCycleAddr: uk.mc260.mail.yahoo.com now at 87.248.111.187
2008/04/08 15:57:00| cbdataUnlock: 0x8cdd7e8
2008/04/08 15:57:00| cbdataUnlock: 0x8cdd798
2008/04/08 15:57:00| storeUnlockObject: key '27D91622B3E024FF88542C1541F6B2D3' count=3
2008/04/08 15:57:00| cbdataFree: 0x8bec610
2008/04/08 15:57:00| cbdataFree: Freeing 0x8bec610
2008/04/08 15:57:00| cbdataUnlock: 0x8d094a8
2008/04/08 15:57:00| cbdataUnlock: 0x8d8c0e0
2008/04/08 15:57:00| cbdataFree: 0x8bd9a90
2008/04/08 15:57:00| cbdataFree: Freeing 0x8bd9a90
2008/04/08 15:57:00| cbdataFree: 0x8d127a0
2008/04/08 15:57:00| cbdataFree: 0x8d127a0 has 1 locks, not freeing
2008/04/08 15:57:00| cbdataUnlock: 0x8d127a0
2008/04/08 15:57:00| cbdataUnlock: Freeing 0x8d127a0
2008/04/08 15:57:00| comm_select: timeout 488
2008/04/08 15:57:00| cbdataUnlock: 0x8cdd7e8
2008/04/08 15:57:00| commSetTimeout: FD 39 timeout -1
2008/04/08 15:57:00| commConnectFree: FD 39
2008/04/08 15:57:00| cbdataFree: 0x8cdd7e8
2008/04/08 15:57:00| cbdataFree: Freeing 0x8cdd7e8
2008/04/08 15:57:00| cbdataValid: 0x8cdd798
2008/04/08 15:57:00| fwdConnectDone: FD 39: 'http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0'
2008/04/08 15:57:00| fwdDispatch: FD 34: Fetching 'GET http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0'
2008/04/08 15:57:00| httpStart: "GET http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0"
2008/04/08 15:57:00| storeLockObject: key '27D91622B3E024FF88542C1541F6B2D3' count=4
2008/04/08 15:57:00| cbdataLock: 0x8cead28
2008/04/08 15:57:00| commSetTimeout: FD 39 timeout 86400
2008/04/08 15:57:00| getMaxAge: 'http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0'
2008/04/08 15:57:00| cbdataLock: 0x8cead28
2008/04/08 15:57:00| cbdataUnlock: 0x8cdd798
2008/04/08 15:57:00| comm_select: timeout 433
2008/04/08 15:57:00| cbdataValid: 0x8cead28
2008/04/08 15:57:00| commSetTimeout: FD 39 timeout 900
2008/04/08 15:57:00| cbdataUnlock: 0x8cead28
2008/04/08 15:57:00| comm_select: timeout 433
2008/04/08 15:57:00| ctx: enter level 0: 'http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0'
2008/04/08 15:57:00| httpProcessReplyHeader: key '27D91622B3E024FF88542C1541F6B2D3'
2008/04/08 15:57:00| httpProcessReplyHeader: HTTP CODE: 200
2008/04/08 15:57:00| storeExpireNow: '27D91622B3E024FF88542C1541F6B2D3'
2008/04/08 15:57:00| storeGet: looking up 88ECBC523E9AEA95834A7F145E64EC69
2008/04/08 15:57:00| storeGet: looking up 199F1E34B1E329E02396FA9A41720E7A
2008/04/08 15:57:00| ctx: exit level 0
2008/04/08 15:57:00| InvokeHandlers: 27D91622B3E024FF88542C1541F6B2D3
2008/04/08 15:57:00| InvokeHandlers: checking client #0
2008/04/08 15:57:00| cbdataLock: 0x8d87958
2008/04/08 15:57:00| storeClientCopy2: 27D91622B3E024FF88542C1541F6B2D3
2008/04/08 15:57:00| storeClientCopy3: Copying from memory
2008/04/08 15:57:00| cbdataValid: 0x8d094a8
2008/04/08 15:57:00| clientBuildReplyHeader: can't keep-alive, unknown body size
2008/04/08 15:57:00| cbdataLock: 0x88e9558
2008/04/08 15:57:00| cbdataLock: 0x8d8c0e0
2008/04/08 15:57:00| aclMatchAclList: checking all
2008/04/08 15:57:00| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/04/08 15:57:00| aclMatchIp: '10.2.2.16' found
2008/04/08 15:57:00| aclMatchAclList: returning 1
2008/04/08 15:57:00| httpReplyBodyBuildSize: Setting maxBodySize to 0
2008/04/08 15:57:00| cbdataUnlock: 0x8d8c0e0
2008/04/08 15:57:00| cbdataUnlock: 0x88e9558
2008/04/08 15:57:00| cbdataFree: 0x8bd9a90
2008/04/08 15:57:00| cbdataFree: Freeing 0x8bd9a90
2008/04/08 15:57:00| clientSendMoreHeaderData: Appending 1628 bytes after 414 bytes of headers
2008/04/08 15:57:00| cbdataLock: 0x8d094a8
2008/04/08 15:57:00| cbdataValid: 0x8d094a8
2008/04/08 15:57:00| cbdataValid: 0x8d094a8
2008/04/08 15:57:00| cbdataValid: 0x8d094a8
2008/04/08 15:57:00| cbdataLock: 0x88e9a18
2008/04/08 15:57:00| cbdataLock: 0x8d8c0e0
2008/04/08 15:57:00| cbdataLock: 0x8cd8750
2008/04/08 15:57:00| cbdataValid: 0x88e9a18
2008/04/08 15:57:00| aclCheck: checking 'http_reply_access allow all'
2008/04/08 15:57:00| aclMatchAclList: checking all
2008/04/08 15:57:00| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/04/08 15:57:00| aclMatchIp: '10.2.2.16' found
2008/04/08 15:57:00| aclMatchAclList: returning 1
2008/04/08 15:57:00| aclCheck: match found, returning 1
2008/04/08 15:57:00| cbdataUnlock: 0x88e9a18
2008/04/08 15:57:00| aclCheckCallback: answer=1
2008/04/08 15:57:00| cbdataValid: 0x8cd8750
2008/04/08 15:57:00| cbdataValid: 0x8d094a8
2008/04/08 15:57:00| The reply for GET http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0 is ALLOWED, because it matched 'all'
2008/04/08 15:57:00| cbdataValid: 0x8d094a8
2008/04/08 15:57:00| cbdataFree: 0x8cd8750
2008/04/08 15:57:00| cbdataFree: 0x8cd8750 has 1 locks, not freeing
2008/04/08 15:57:00| cbdataValid: 0x8d094a8
2008/04/08 15:57:00| cbdataLock: 0x8d094a8
2008/04/08 15:57:00| cbdataUnlock: 0x8d094a8
2008/04/08 15:57:00| cbdataUnlock: 0x8cd8750
2008/04/08 15:57:00| cbdataUnlock: Freeing 0x8cd8750
2008/04/08 15:57:00| cbdataUnlock: 0x8d8c0e0
2008/04/08 15:57:00| cbdataFree: 0x8bd9a90
2008/04/08 15:57:00| cbdataFree: Freeing 0x8bd9a90
2008/04/08 15:57:00| cbdataUnlock: 0x8d094a8
2008/04/08 15:57:00| cbdataUnlock: 0x8d87958
2008/04/08 15:57:00| commSetTimeout: FD 39 timeout 900
2008/04/08 15:57:01| comm_select: timeout 350
2008/04/08 15:57:01| cbdataValid: 0x8d094a8
2008/04/08 15:57:01| storeClientCopy: 27D91622B3E024FF88542C1541F6B2D3, seen 2042, want 2042, size 4096, cb 0x806cc8f, cbdata 0x8d094a8
2008/04/08 15:57:01| cbdataLock: 0x8d094a8
2008/04/08 15:57:01| cbdataLock: 0x8d87958
2008/04/08 15:57:01| storeClientCopy2: 27D91622B3E024FF88542C1541F6B2D3
2008/04/08 15:57:01| storeClientCopy3: Waiting for more
2008/04/08 15:57:01| cbdataUnlock: 0x8d87958
2008/04/08 15:57:01| cbdataUnlock: 0x8d094a8
2008/04/08 15:57:01| comm_select: timeout 350
2008/04/08 15:57:01| fd_open FD 76 HTTP Request
2008/04/08 15:57:01| cbdataLock: 0x88e58a8
2008/04/08 15:57:01| cbdataLock: 0x8db16e8
2008/04/08 15:57:01| commSetTimeout: FD 76 timeout 300
2008/04/08 15:57:01| aclMatchAclList: checking all
2008/04/08 15:57:01| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/04/08 15:57:01| aclMatchIp: '10.2.2.16' found
2008/04/08 15:57:01| aclMatchAclList: returning 1
2008/04/08 15:57:01| comm_select: timeout 331
2008/04/08 15:57:01| cbdataLock: 0x8db16e8
2008/04/08 15:57:01| parseHttpRequest: req_hdr = {Host: mail.yimg.com
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.8.1.13) Gecko/20080325 Fedora/2.0.0.13-1.fc8 Firefox/2.0.0.13
Accept: image/png,*/*;q=0.5
Accept-Language: en-gb
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0
Proxy-Authorization: Basic XXXXXXXXXXXXXXX
}