Hi everyone,
I'm forwarding this along from one of my clients who has been
experiencing an odd problem with Squid in website accelerator mode.
It is worth adding to the below problem description that different
client browsers exhibit the same issue. I'm out of ideas about what
might be causing the proxy to hang, so I'm hoping someone here might
have hit the problem or have some pointers for straightening it out.
Worth mentioning: We've also confirmed that requests made directly from
the proxy machine (using wget, without Squid in circuit) works fine, as
do requests made from browsers directly hitting the webserver. So Squid
is the only client which we can cause to hang like this.
Warrick FitzGerald wrote:
> Hi All,
>
> This problem has been driving me mad for the last couple weeks and I have
> finally decided to bring it to the table in hope that someone other than
> myself has seen this before :
>
> Some up front info :
> - squid-2.4.STABLE6-1
> - running in reverse proxy mode (webside accel mode)
> - no DNS looks are done becuase it is acceling on IP address.
> - two instances of squid running on the box, each bound to a seperate IP
> address.
>
> -------------------------
> So here is the problem :
>
> I run continuous requests through the proxy (one uniq request per second).
>
> watch -n 1 'wget --cache=off http://137746.MyDomain.com/CHStaffList?`date
> +%s`
>
> -------------
>
> - Without fail within a few minutes the recursive wget will hang due to an
> incomplete response from the proxy.
>
> After MANY .. MANY hours of debugging this I have come to the following
> conclusion. AND ALSO have tcpdump data to support this argument :
>
> -----
>
> 1. Client sends GET to proxy.
> 2. Proxy relays get to origin server
> 3. Origin Server responds to proxy with 200 OK
> 4. Proxy relays 200 OK back to client
> 5. Origin server starts to server the HTML content to the proxy ... packet 1
> of 2
> 6. Proxy relays packet 1 of two to client
> 7. Origin server sends packet 2 of 2 to proxy
> 8. Proxy DOES NOT send packet 2 of 2 to the client ... instead it just hangs
> there.
>
>
> Notes :
> - persistent connections have been tried both enabled and disabled
> - There is a log entry generated in access.log (once you caccel the client
> side transaction and the client closes the connection), however their is no
> cache
> file created in the cache storage (in this case /Cache1).
> - Origionally I thought it may be a physical network issue, but after seeing
> (via tcpdump) the fact that the second half of the packet does get recieved
> by the proxy, and just is not relayed.
>
>
> -----------------------------------
>
>
> [root@myserver squid]# cat squid2.conf | grep -v '^#' | grep '\w'
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> acl SMDEMO urlpath_regex smdemo.mydomain.com \?
> no_cache allow mydomain
> no_cache deny QUERY
> cache_dir aufs /cache1 10000 24 256
> cache_access_log /var/log/squid2/access.log
> cache_log /var/log/squid2/cache.log
> cache_store_log /var/log/squid2/store.log
> pid_filename /var/run/squid2.pid
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow all
> icp_access allow all
> httpd_accel_single_host on
> client_persistent_connections off
> server_persistent_connections off
> pipeline_prefetch off
> ie_refresh off
> httpd_accel_with_proxy off
> httpd_accel_uses_host_header on
> http_port 172.16.128.53:80
> httpd_accel_host 172.16.1.195
-- Joe Cooper <joe@swelltech.com> http://www.swelltech.com Web Caching Appliances and SupportReceived on Thu May 02 2002 - 14:57:46 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:53 MST