Hi All,
I have run into a problem with not being able to access a few specific
things on the web when running through our local proxy.
Some details:
* The current setup is a Linux box running squid 3.1.19.
* This is being run behind a pfsense box that is load balancing our
two internet connections
* Both internet connections are behind the same proxy (we are actually
on a private network), which is set as the parent for our internal
proxy
* Squid is running in intercept mode
With this setup, most things work as expected; I can visit web pages,
watch youtube videos, upload attachments to gmail. However, some
things are not working. The easiest example is speedtest.net. I can
run the download test, but the upload test always fails. Trying to
watch content on tvnz.co.nz (on demand content) does not work either.
When running traffic without our internal proxy (ie direct to the
parent) everything works fine. I'm stuck and can't find any
solutions.
Here is what I have tried so far:
* First, I was hoping to run squid on the pfsense box, but ran into
similar problems, so I tried to isolate the problem by putting in the
Linux box. (never a bad idea to be running more recent version of
squid either, it may be needed shortly for some of the newer features
anyway)
* Instead of running my full squid.conf, I am using the default
squid.conf with just the extra line to access the parent (cache_peer
10.55.240.250 parent 3128 3130 no-query default login=PASS)
* I've read bits and pieces about similar problems dealing with sysctl
and some ipv4 settings. None of this seemed to apply, and what I did
try didn't work.
* Checking on the specific web pages in firefox using firebug and I
can see some 504 errors (seemingly only on POST) - this lead me to
check the logs for POST with 504 errors (see logs below)
* Checked the problem in IE, Chrome and Firefox
* Lots of googleing and reading of squid documentation
Here is what is showing in the squid logs where there is a 504 with a
POST, you'll notice that most are for the local speedtest.net testing.
I figured not much point finding lots of sites when just a few are
causing problems.
1342030821.058 59542 10.161.128.34 TCP_MISS/504 4301 POST
http://speedtest.worldnet.co.nz/speedtest.net/speedtest/upload.php? -
DIRECT/202.169.192.58 text/html
1342030821.058 59536 10.161.128.34 TCP_MISS/504 4300 POST
http://speedtest.worldnet.co.nz/speedtest.net/speedtest/upload.php? -
DIRECT/202.169.192.58 text/html
1342039010.134 60806 10.161.128.34 TCP_MISS/504 4285 POST
http://rt1403.infolinks.com/action/doq.htm? - DIRECT/64.71.153.213
text/html
1342039947.624 59642 10.161.128.34 TCP_MISS/504 4834 POST
http://c.brightcove.com/services/messagebroker/amf? -
DIRECT/8.19.200.152 text/html
1342040562.565 61340 10.161.128.34 TCP_MISS/504 4469 POST
http://2975c.v.fwmrm.net/ad/p/1? - DIRECT/75.98.70.31 text/html
1342040573.047 59531 10.161.128.34 TCP_MISS/504 4834 POST
http://c.brightcove.com/services/messagebroker/amf? -
DIRECT/8.19.200.152 text/html
1342040679.001 59688 10.161.128.34 TCP_MISS/504 4838 POST
http://c.brightcove.com/services/messagebroker/amf? -
DIRECT/64.152.208.202 text/html
1342040700.694 59871 10.161.128.34 TCP_MISS/504 4469 POST
http://2975c.v.fwmrm.net/ad/p/1? - DIRECT/75.98.70.31 text/html
1342040742.908 60168 10.161.128.34 TCP_MISS/504 4295 POST
http://speedtest.orcon.net.nz/speedtest/upload.php? -
DIRECT/219.88.241.70 text/html
1342040742.908 60162 10.161.128.34 TCP_MISS/504 4296 POST
http://speedtest.orcon.net.nz/speedtest/upload.php? -
DIRECT/219.88.241.70 text/html
1342042640.381 60407 10.161.128.34 TCP_MISS/504 4295 POST
http://speedtest.orcon.net.nz/speedtest/upload.php? -
DIRECT/219.88.241.70 text/html
1342042640.381 60026 10.161.128.34 TCP_MISS/504 4297 POST
http://speedtest.orcon.net.nz/speedtest/upload.php? -
DIRECT/219.88.241.70 text/html
1342042921.326 60879 10.161.128.34 TCP_MISS/504 4831 POST
http://c.brightcove.com/services/messagebroker/amf? -
DIRECT/64.152.208.202 text/html
Any suggestions about getting the rest of the web up running through
our local squid would be most appreciated.
Cheers,
Ben
Received on Wed Jul 11 2012 - 09:42:56 MDT
This archive was generated by hypermail 2.2.0 : Wed Jul 11 2012 - 12:00:01 MDT