On Wed, 19 Aug 2009 20:58:19 -0700, Jason <jason@xxxxxxxx> wrote: > Everyone, > > I am running squid 3.1.0.6, transparent/intercepting (non tproxy, non > wpad, etc), nat'ted network, and users are reporting problems using the > uploaders at the facebook website. When I explored this, here is what I > found: > > Facebook has two upload methods, a newer java based one, and an older > html forms (i think) based one. > > 1. Both uploaders work perfectly when I bypass squid. > > 2. With internet explorer, the old uploader works fine > > 3. With Internet Explorer, the new uploader fails at first. If you > immediately hit the "Upload" button after the failure, it works. > > 4. With Firefox, the old uploader gives this error from squid: > ERROR > The requested URL could not be retrieved > The following error was encountered while trying to retrieve the URL: > http://upload.facebook.com > /photos_upload.php > Connection to upload.facebook.com failed. > The system returned: (110) Connection timed out > The remote host or network may be down. Please try the request again. > Your cache administrator is yours truly. > > 5. With Firefox, the new uploader fails at first. If you immediately > hit the "Upload" button after a failure, it works (just like the IE case). > > On the proxy machine: > tcp_window_scaling is off > tcp_ecn is off > .facebook.com is in the "always direct" list I maintain. > > > Any help in solving this would be great! > > Jason > > Below is my Config: > qos_flows local-hit=0x30 > acl manager proto cache_object > acl localhost src 127.0.0.1/32 > acl to_localhost dst 127.0.0.0/8 > acl Safe_ports port 80 # http > acl CONNECT method CONNECT > http_access allow manager localhost > http_access deny manager > acl our_networks src 10.0.0.0/16 > http_access allow our_networks > http_access allow localhost > acl directlist dstdomain "/etc/squid/directsites" > always_direct allow directlist > http_access deny all > http_reply_access allow our_networks > http_reply_access allow localhost > http_reply_access deny all > icp_access deny all > htcp_access deny all > htcp_clr_access deny all > miss_access allow our_networks > miss_access allow localhost > miss_access deny all > http_port 10.0.0.1:3594 transparent disable-pmtu-discovery=transparent > http_port 127.0.0.1:3594 transparent disable-pmtu-discovery=transparent > cache_mem 128 MB > memory_replacement_policy heap GDSF > cache_replacement_policy heap LFUDA > cache_dir aufs /squida 21760 16 256 > cache_dir aufs /squidb 21760 16 256 > cache_dir aufs /squidc 21760 16 256 > max_open_disk_fds 0 > minimum_object_size 0 KB > maximum_object_size 10 MB > cache_swap_low 95 > cache_swap_high 97 > access_log /var/log/squid/access.log > cache_log /var/log/squid/cache.log > cache_store_log /var/log/squid/store.log > mime_table /etc/squid/mime.conf > pid_filename /var/run/squid.pid > log_fqdn off > strip_query_terms off > unlinkd_program /usr/lib/squid/unlinkd > url_rewrite_program /usr/bin/squidGuard > url_rewrite_children 32 > url_rewrite_concurrency 0 > url_rewrite_host_header on > url_rewrite_bypass off > refresh_pattern (cgi-bin|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > quick_abort_min 50 KB > quick_abort_max 50 KB > quick_abort_pct 50 > read_ahead_gap 16 KB > negative_ttl 0 minutes > positive_dns_ttl 5 minutes > negative_dns_ttl 10 seconds > range_offset_limit 0 KB > request_header_max_size 128 KB > reply_header_max_size 128 KB > ie_refresh on > request_entities on > forward_timeout 1 minutes > connect_timeout 20 seconds > shutdown_lifetime 3 seconds default > cache_mgr support@xxxxxxxx > cache_effective_user proxy > cache_effective_group proxy > visible_hostname integrityinternet.net > snmp_port 45656 > snmp_access allow our_networks > snmp_access allow localhost > snmp_access deny all > snmp_incoming_address 10.0.0.1 > icon_directory /usr/share/squid/icons > dns_nameservers 127.0.0.1 > ipcache_size 5120 > ipcache_low 95 > ipcache_high 97 > fqdncache_size 5120 > memory_pools_limit 512 MB > client_db off > uri_whitespace strip > coredump_dir /squida > pipeline_prefetch off > client_persistent_connections off > server_persistent_connections off Please note that "always_direct" does not mean the URLs bypass Squid. It means that squid will not pass those requests to a cache_peer server. Of which you have none, meaning the always_direct is merely wasting CPU time. Please try these: * a current release of 3.1 * turning persistent connections ON. client_persistent_connections off server_persistent_connections off Amos
