As requested, a more detailed squid.conf: acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl localnet src 10.161.128.0/20 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT cache_peer 10.55.240.250 parent 3128 3130 no-query default login=PASS http_access allow manager localhost http_access allow localnet http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny all http_port 10.161.128.11:3128 intercept coredump_dir /var/spool/squid3 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 refresh_pattern . 0 20% 4320 Ben On 12 July 2012 04:25, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote: > two things: > post a more detailed squid.conf to see if there is something wrong there. > > i am using squid3.1.19 and 3.2.16-17 and it works like for many others. > this problem can be an issue about routing and not related to squid at all. > > a 504 code is: > 10.5.5 504 Gateway Timeout > > The server, while acting as a gateway or proxy, did not receive a timely > response from the upstream server specified by the URI (e.g. HTTP, FTP, > LDAP) or some other auxiliary server (e.g. DNS) it needed to access in > attempting to complete the request. > > Note: Note to implementors: some deployed proxies are known to > return 400 or 500 when DNS lookups time out. > > > is there any enforcement on the usage of the cache_peer on the ip leve? ie. > without the cache_peer proxy can you get sites fine? > > Eliezer > > > On 7/11/2012 12:42 PM, Crawford, Ben wrote: >> >> Hi All, >> >> I have run into a problem with not being able to access a few specific >> things on the web when running through our local proxy. >> >> Some details: >> * The current setup is a Linux box running squid 3.1.19. >> * This is being run behind a pfsense box that is load balancing our >> two internet connections >> * Both internet connections are behind the same proxy (we are actually >> on a private network), which is set as the parent for our internal >> proxy >> * Squid is running in intercept mode >> >> With this setup, most things work as expected; I can visit web pages, >> watch youtube videos, upload attachments to gmail. However, some >> things are not working. The easiest example is speedtest.net. I can >> run the download test, but the upload test always fails. Trying to >> watch content on tvnz.co.nz (on demand content) does not work either. >> >> When running traffic without our internal proxy (ie direct to the >> parent) everything works fine. I'm stuck and can't find any >> solutions. >> >> Here is what I have tried so far: >> * First, I was hoping to run squid on the pfsense box, but ran into >> similar problems, so I tried to isolate the problem by putting in the >> Linux box. (never a bad idea to be running more recent version of >> squid either, it may be needed shortly for some of the newer features >> anyway) >> * Instead of running my full squid.conf, I am using the default >> squid.conf with just the extra line to access the parent (cache_peer >> 10.55.240.250 parent 3128 3130 no-query default login=PASS) >> * I've read bits and pieces about similar problems dealing with sysctl >> and some ipv4 settings. None of this seemed to apply, and what I did >> try didn't work. >> * Checking on the specific web pages in firefox using firebug and I >> can see some 504 errors (seemingly only on POST) - this lead me to >> check the logs for POST with 504 errors (see logs below) >> * Checked the problem in IE, Chrome and Firefox >> * Lots of googleing and reading of squid documentation >> >> Here is what is showing in the squid logs where there is a 504 with a >> POST, you'll notice that most are for the local speedtest.net testing. >> I figured not much point finding lots of sites when just a few are >> causing problems. >> >> 1342030821.058 59542 10.161.128.34 TCP_MISS/504 4301 POST >> http://speedtest.worldnet.co.nz/speedtest.net/speedtest/upload.php? - >> DIRECT/202.169.192.58 text/html >> 1342030821.058 59536 10.161.128.34 TCP_MISS/504 4300 POST >> http://speedtest.worldnet.co.nz/speedtest.net/speedtest/upload.php? - >> DIRECT/202.169.192.58 text/html >> 1342039010.134 60806 10.161.128.34 TCP_MISS/504 4285 POST >> http://rt1403.infolinks.com/action/doq.htm? - DIRECT/64.71.153.213 >> text/html >> 1342039947.624 59642 10.161.128.34 TCP_MISS/504 4834 POST >> http://c.brightcove.com/services/messagebroker/amf? - >> DIRECT/8.19.200.152 text/html >> 1342040562.565 61340 10.161.128.34 TCP_MISS/504 4469 POST >> http://2975c.v.fwmrm.net/ad/p/1? - DIRECT/75.98.70.31 text/html >> 1342040573.047 59531 10.161.128.34 TCP_MISS/504 4834 POST >> http://c.brightcove.com/services/messagebroker/amf? - >> DIRECT/8.19.200.152 text/html >> 1342040679.001 59688 10.161.128.34 TCP_MISS/504 4838 POST >> http://c.brightcove.com/services/messagebroker/amf? - >> DIRECT/64.152.208.202 text/html >> 1342040700.694 59871 10.161.128.34 TCP_MISS/504 4469 POST >> http://2975c.v.fwmrm.net/ad/p/1? - DIRECT/75.98.70.31 text/html >> 1342040742.908 60168 10.161.128.34 TCP_MISS/504 4295 POST >> http://speedtest.orcon.net.nz/speedtest/upload.php? - >> DIRECT/219.88.241.70 text/html >> 1342040742.908 60162 10.161.128.34 TCP_MISS/504 4296 POST >> http://speedtest.orcon.net.nz/speedtest/upload.php? - >> DIRECT/219.88.241.70 text/html >> 1342042640.381 60407 10.161.128.34 TCP_MISS/504 4295 POST >> http://speedtest.orcon.net.nz/speedtest/upload.php? - >> DIRECT/219.88.241.70 text/html >> 1342042640.381 60026 10.161.128.34 TCP_MISS/504 4297 POST >> http://speedtest.orcon.net.nz/speedtest/upload.php? - >> DIRECT/219.88.241.70 text/html >> 1342042921.326 60879 10.161.128.34 TCP_MISS/504 4831 POST >> http://c.brightcove.com/services/messagebroker/amf? - >> DIRECT/64.152.208.202 text/html >> >> >> Any suggestions about getting the rest of the web up running through >> our local squid would be most appreciated. >> >> Cheers, >> Ben >> > > > -- > Eliezer Croitoru > https://www1.ngtech.co.il > IT consulting for Nonprofit organizations > eliezer <at> ngtech.co.il > >
