Thank you, Amos -- it had to do with the dual NICs on the server, and weird routing between the two subnets represented. -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Thursday, August 19, 2010 5:52 AM To: squid-users@xxxxxxxxxxxxxxx Subject: EXTERNAL: Re: Slow basic authentication Bucci, David G wrote: > Hi - I've got Squid configured on both the client and server (reference recent discussions on establishing an SSL tunnel for all traffic from a client to a server -- I'm using that configuration, though I've yet to turn on the SSL). > > I'm seeing inconsistent, and generally slow behavior when accessing our origin server, which requires basic authentication. Sometimes the browser prompts for uid/pw, sometimes it doesn't, and often it takes a loooong time. > Since you don't have the SSL yet it should be easy to grab a packet trace of the headers flowing between the two Squid and see whats going on that takes so long. > Using the Windows distro of 2.7 from Acme, build 8. > > Are there any tuning options necessary when caching against servers that send back a 401 initially? Though I didn't think it was correct, I've tried login=PASS on the cache_peer line in the client. > Should not matter 401 challenge headers are supposed to be passed straight through Squid. > Note that I have cache deny all set, on both the client and the serve, and proxy-only in the client's cache_peer parent line -- we're proxying access to web service calls, all of which should return unique results, so no caching needed/wanted. > Squid still needs to pass them through store in transit. Ensuring the presence of a Content-Length header can prevent Squid falling back on disk storage for temporary unknown-length objects. And a cache_mem at least big enough to store the required in-transit ones lets them fly past quickly. I don't think that is related to the problem though. > When I set Firefox to NOT use the procy, there I no slowdown, I get immediately prompted for uid/pw. > Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.6 Beta testers wanted for 3.2.0.1