[squid-users] Help with strange squid behavior

From: Phyllis Smith <p_smith@dont-contact.us>
Date: Wed, 23 Jan 2008 07:54:21 -0700

I have looked through the archives and searched the web, but I can't
find any information that would help with the problem that I am
having. If I wasn't clever enough to come up with the correct search
terms and this has been discussed before, then I apologize in advance.

I am running Debian Linux 4 (etch) with 2.6.18 kernel. I am running
2.8.0.2 dansguardian, with 2.6.STABLE5 squid (the most current Debian
supported releases when I upgraded everything a few weeks ago). I
believe there are newer versions of both dansguardian and squid, but
I hesitate to go to the effort of building my own from source when I
have no idea if it will solve the problem. I have done very little
with the configurations. The system has been up and working for
about 5 years, but this behavior started this last fall. The obvious
question - what did you do when the problem started? Truly, I didn't
change the Debian machine, and the only changes to the Windows
servers would be the MS security patches.

The system is set up in a school. The students are all running off of
two Windows Citrix servers, so only 2 physical computers are actually
accessing the Internet. When the students are web browsing, things
will work OK for a while, then they start to deteriorate. Typically
there are about 20 students and they are being sent to a group of 5
or 6 websites. Mostly the sites work OK to start for most of the
students, then they start to change. The page that was requested
typically comes up for a few seconds, then the page is completely
replaced with something else like pagead2.googlesyndication.com,
ads.doubleclick.net, etc - generally a "gross" content match to the
information on the page they are looking at. Many of these are under
construction placeholders.

If I bypass dg/squid I do not see the strange behavior.

I can't prove the problem is squid, but for some reason, clearing the
squid cache seems to solve the problem for a while. I don't know how
to find out for sure, or what to do about it. Does anyone have any
suggestions for troubleshooting, changing configuration, or anything
that may help isolate the problem? I could really use some help here.

The whole thing makes no sense to me. If there is some bogus code on
the website that is allowing this, it should happen regardless of
whether dg/squid is running. Once someone successfully accesses the
page, the correct page should be in the cache, and we shouldn't be
accessing the page on the web anymore, so the behavior shouldn't change.

Thanks in advance for any assistance that you can provide.
Phyllis Smith
Received on Wed Jan 23 2008 - 07:59:51 MST
