Hello, I have a squid that was working great with virtually all traffic. Then a few days ago people began reporting issues with sites that used https. If it was a large amount of data to be transferred, like attaching a large document to a webmail, it would just hang. Other https sites that used java, or aspx, or things like that would frequently hang too. I'm at my wits end trying to figure out what went wrong. I didn't change anything. If anyone has any ideas how I can troubleshoot this I would be so grateful. here is my squid.conf --------------------------------------------------------------------------------------------------------------------- http_port 3128 http_port 80 https_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 168 MB cache_dir ufs /usr/local/squid/cache 400 16 256 cache_access_log /usr/local/squid/logs/access.log cache_log /usr/local/squid/logs/cache.log pid_filename /usr/local/squid/logs/squid.pid debug_options 4,10 26,3 ftp_sanitycheck off refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl fulda dst 130.0.0.0/255.0.0.0 acl origNet src 192.9.70.0/255.255.255.0 acl abyzNetU src 130.16.64.0/255.255.192.0 acl abyzNetW src 130.16.128.0/255.255.192.0 acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl scanner dst 192.9.70.243 acl autoweb dst 67.109.76.29 acl SSL_ports port 443 563 acl Safe_ports port 1025-4000 acl CONNECT method CONNECT acl awubi src 130.16.128.193 http_access allow awubi acl hp dstdomain .hp.com always_direct allow hp acl gms dstdomain .gmsupplypower.com always_direct allow gms acl tpm dstdomain .tripmanager.com always_direct allow tpm acl avgate dstdomain .avgate.net always_direct allow avgate acl gm dstdomain .gm.com always_direct allow gm acl aweb dstdomain .autoweb.net always_direct allow aweb acl pgc dstdomain .puregreencars.com always_direct allow pgc acl vpn dstdomain .customer1.com always_direct allow vpn acl dcx dstdomain .customer1.com always_direct allow dcx acl ead dstdomain .abyzaerodef.com always_direct allow ead acl scott dstdomain .scottrade.com always_direct allow scott acl interstate dstdomain .interstatetraveler.us always_direct allow interstate acl volker1 dstdomain .cvent.com always_direct allow volker1 acl sapallow dst 130.10.198.10/32 acl gmutils dst 130.170.126.202/32 acl gmutils2 dstdomain a.b.c.com acl gmutils3 dstdomain .gm.com acl gmutils4 dst 130.170.0.0/16 acl gmutils5 port 443 acl aribert dstdomain .dayrunner.com acl mariusz src 130.16.128.127 acl ebay dstdomain .ebay.com acl sols dst 198.63.61.35 acl sols2 dstdomain www2.abyz-us.com acl sols3 dstdomain .abyz-us.com acl chry4 dstdomain vpnpasswd.tcc.customer1.com acl chry5 dstdomain roadmap.tcc.cser.com acl chry6 dstdomain .customer1.com acl chry7 dstdomain intra-wiw.e.customer1.com acl chry8 dstdomain web3270.appl.customer1.com acl chryextra dstdomain web3270.extra.customer1.com acl chry9 dstdomain anywhere.customer1.com acl hotel5 dst 15.173.128.247/32 acl hotel6 dst 155.72.128.147/32 acl brasil1 dst 200.245.73.181 acl abyz_forbidden url_regex "/usr/local/squid/etc/abyzforbidden/abyz_blocked.txt" acl abyz_forbidden_always url_regex "/usr/local/squid/etc/abyzforbidden/abyz_deny.always" acl abyz_forbidden_lunch url_regex "/usr/local/squid/etc/abyzforbidden/abyz_deny.lunch" http_access allow volker1 http_access allow scanner http_access allow autoweb http_access allow sapallow http_access allow gmutils http_access allow gmutils2 http_access allow gmutils4 http_access allow gmutils5 http_access allow ebay http_access allow mariusz http_access deny abyz_forbidden http_access allow sols http_access allow sols2 http_access allow sols3 http_access allow chry4 http_access allow chry5 http_access allow chry6 http_access allow chry7 http_access allow chry8 http_access allow chry9 http_access allow hotel5 http_access allow hotel6 http_access allow brasil1 http_access allow aribert http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow fulda http_access allow origNet http_access allow abyzNetW http_access allow abyzNetU http_access deny all http_reply_access allow all icp_access allow all cache_mgr help@xxxxxxxxxxx cache_effective_user squid cache_effective_group squid visible_hostname srvproxy228 dns_testnames google.com internic.net nlanr.net ibm.com -------------------------------------------------------------------------------------------------- Thanks, Dean Durant -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
