
Re: TCP_MISS_ABORTED after upgrade to 3.2 from 3.1

On 2013-01-23 20:28, dweimer wrote:
On 2013-01-23 17:05, dweimer wrote:
On 2013-01-23 13:59, dweimer wrote:
On 2013-01-23 13:48, dweimer wrote:
We are having an issue with a web based employment application form
after upgrading our reverse proxy from 3.1.20 to 3.2.6.  The proxy
logs the following:

1358969527.735 300778 75.91.238.15 TCP_MISS/400 459 POST https://...

Some do go through but very slowly, any ideas what would cause this?

The form is a simple form on a Plone server with Apache 2.2.23 in
between handling the HTTPS on the back end server.

Oops, copied one of the few that works, instead of one of the many
that failed, the log that shows up when failed is at TCP_MISS_ABORTED.

1358969226.938 63434 75.91.238.15 TCP_MISS_ABORTED/000 0 POST https://...

Another update, I have confirmed that uploads to our PHP based File
Management Application (http://ajaxplorer.info) are also triggering
the same problem. This is running on Apache 2.2.23 on the same server
as the Squid application.  I don't have any non HTTPS forms behind
this reverse proxy to verify if the problem is only on the https side
or not. We have verified that both applications work correctly when
connecting directly to them and not going through the reverse proxy.
I have also verified that it works fine using Squid 3.2.6 as a forward
proxy on the client side when accessing the applications directly. So
it's something specific to the reverse proxy setup.

There's just one https_port line:

https_port 10.50.20.10:443 accel
cert=/usr/local/etc/squid/certs/myserver.crt
key=/usr/local/etc/squid/certs/myserver.key
options=NO_SSLv2:NO_TLSv1:CIPHER_SERVER_PREFERENCE
cipher=RC4:!MD5:!aNULL:!EDH defaultsite=www.mydefaultdomain.com

I do have multiple SSL sites using a UCC certificate, the cache peer
lines look like the following, just different IPs, cache_peer_domains,
and cache_peer_access lists:

cache_peer 127.0.0.1 parent 443 0 ssl no-query no-digest
no-netdb-exchange originserver name=local_ssl_parent
sslcapath=/usr/local/share/certs sslflags=DONT_VERIFY_PEER
cache_peer_domain local_ssl_parent www.mydefaultsite.com
cache_peer_access local_ssl_parent allow defaultsite SSL

Is there any type of maximum post size setting that could be causing
this, I didn't see anything looking through the configuration options.
All downloads appear to be fine, some forms to submit data work just
fine, but those are very small forms.  So I am wondering if there is
some sort of post size limit I am hitting that didn't exist in the 3.1
branch.

After more testing, creating a simple file upload form with PHP, I
have traced it down to only HTTPS, works fine with HTTP, and only if
the post is over a certain size, haven't confirmed which size it
breaks at, I know 3.04k fails and 2.2k works.

Well, it's a good thing this server is virtual, because if it was a physical server I would be throwing it out the window. I removed squid 3.2.6, installed 3.1.23. Same problem, is there any known issue doing HTTPS reverse proxies on FreeBSD 9.1? Because the only difference between this one now and the original server I upgraded from is FreeBSD 9.1 instead of FreeBSD 9.0-p4.

I am switching over to the old server and hoping the problem doesn't exist on it as well.

--
Thanks,
   Dean E. Weimer
   http://www.dweimer.net/
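
One way to pull the failing uploads described in this thread out of a Squid access.log, as an added example that is not part of the original post. It assumes the native log layout seen in the quoted lines; the sample lines are constructed with placeholder URLs, and the function names and the 60-second threshold are hypothetical.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout; the URLs are
# placeholders, since the original post elides them.
SAMPLE_LOG = """\
1358969527.735 300778 75.91.238.15 TCP_MISS/400 459 POST https://app.example.test/apply - FIRSTUP_PARENT/127.0.0.1 text/html
1358969226.938 63434 75.91.238.15 TCP_MISS_ABORTED/000 0 POST https://app.example.test/apply - FIRSTUP_PARENT/127.0.0.1 -
1358969300.101 42 75.91.238.15 TCP_MISS/200 5120 GET https://app.example.test/form - FIRSTUP_PARENT/127.0.0.1 text/html
not a log line
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it does not parse."""
    parts = line.split()
    if len(parts) < 7 or "/" not in parts[3]:
        return None
    try:
        ts, elapsed_ms, size = float(parts[0]), int(parts[1]), int(parts[4])
    except ValueError:
        return None
    result, _, status = parts[3].partition("/")
    return {"ts": ts, "elapsed_ms": elapsed_ms, "client": parts[2],
            "result": result, "status": status, "bytes": size,
            "method": parts[5], "url": parts[6]}

def failed_uploads(log_text, slow_ms=60000):
    """Group body-carrying requests that aborted, logged status 000, or ran past slow_ms."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] not in ("POST", "PUT"):
            continue
        reasons = []
        if rec["result"].endswith("_ABORTED"):
            reasons.append("aborted")
        if rec["status"] == "000":  # no HTTP reply status was logged
            reasons.append("no-reply-status")
        if rec["elapsed_ms"] >= slow_ms:
            reasons.append("slow")
        if reasons:
            hits[(rec["client"], rec["url"])].append((rec["elapsed_ms"], reasons))
    return dict(hits)

if __name__ == "__main__":
    for key, events in failed_uploads(SAMPLE_LOG).items():
        print(key, events)
```
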

