Re: [squid-users] Problems POST-Method on Squid 3 from Amos Jeffries on 2008-11-18 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 19 Nov 2008 12:31:30 +1300 (NZDT)

> Hello List,
> I'am having problems with my squid 3 on Centos.
> If I try to use POST-Method (e.g. Webmail, Bugzilla) the proxy returns
>
> "Read Timeout"
> No Error

This error indicates a network issue below Squid. The remote server has
been sent and accepted the request, but has not sent back any reply within
15 minutes.

My experience with this its always been a PMTU error somewhere on the
Internet between Squid and the server combined with someone blocking ICMP.

Amos

>
> I have no idea why this is happening.
>
> Here's my Config:
> <snip>
> http_port 172.25.1.40:80
> http_port 127.0.0.1:3128
> hierarchy_stoplist cgi-bin ?
> visible_hostname proxy.mycompany.com
> coredump_dir /var/spool/squid
> high_memory_warning 3000 MB
> cachemgr_passwd secret all
> cache_mgr root_at_mycompany.com
> memory_pools off
> cache_mem 1024 MB
> cache_swap_low 90
> cache_swap_high 95
> cache_effective_user squid
> cache_dir ufs /var/spool/squid 200000 16 256
> access_log /var/log/squid/access.log squid
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
> pid_filename /var/log/squid/squid.pid
> dns_defnames on
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl internal_if src 172.25.1.40/255.255.255.255
> acl kutz src 172.25.63.152/255.255.255.255 172.25.63.134/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 # https
> acl SSL_ports port 8443 # psync-https
> acl SSL_ports port 12120 #
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl QUERY urlpath_regex cgi-bin \?
> acl snmppublic snmp_community public
> acl mysys src 172.25.46.46/255.255.255.255
> acl support.microsoft.com dstdomain support.microsoft.com
> acl our_networks src 172.25.0.0/16 172.16.0.0/16 62.143.254.0/24
> 80.69.108.0/24
> acl myspecial dstdomain .myspecial.com
> acl ausnahme1 dst 172.25.22.198/32 172.25.46.206/32 172.25.46.218/32
> acl ausnahme2 url_regex ^http://some.url.com$
> acl ausnahme3 url_regex ^http://some.url.com$
> acl ausnahme4 url_regex ^http://some.url.com$
> acl ausnahme5 url_regex ^http://some.url.com$
> acl ausnahme6 url_regex ^http://some.url.com$
> acl ausnahme7 url_regex ^http://some.url.com$
> acl ausnahme8 url_regex ^http://some.url.com$
> acl ausnahme9 url_regex ^http://some.url.com$
> acl ausnahmeA url_regex ^http://some.url.com$
> acl ausnahmeB url_regex ^http://some.url.com$
> acl ausnahmeC url_regex ^http://some.url.com$
> acl ausnahmeD url_regex ^http://some.url.com$
> acl ausnahmeE url_regex ^http://some.url.com$
> acl ausnahmeF url_regex ^http://some.url.com$
> acl ausnahmeG url_regex ^http://some.url.com$
> always_direct allow myspecial
> acl purge method PURGE
> #broken_vary_encoding allow apache
> acl apache rep_header Server ^Apache
> request_header_access Accept-Encoding deny support.microsoft.com
> http_access allow purge localhost internal_if
> #http_access deny purge
> http_access allow manager localhost kutz mysys
> #http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> no_cache deny ausnahme1
> no_cache deny ausnahme2
> no_cache deny ausnahme3
> no_cache deny ausnahme4
> no_cache deny ausnahme5
> no_cache deny ausnahme6
> no_cache deny ausnahme7
> no_cache deny ausnahme8
> no_cache deny ausnahme9
> no_cache deny ausnahmeA
> no_cache deny ausnahmeB
> no_cache deny ausnahmeC
> no_cache deny ausnahmeD
> no_cache deny ausnahmeE
> no_cache deny ausnahmeF
> no_cache deny ausnahmeG
> cache deny QUERY
> http_access allow our_networks
> http_access allow localhost
> http_access deny all
> http_reply_access allow all
> icp_access deny all
> snmp_port 3401
> snmp_access allow snmppublic kerpsys
> snmp_access allow snmppublic localhost
> snmp_access deny all
> snmp_incoming_address 0.0.0.0
> snmp_outgoing_address 255.255.255.255
> <snip>
>
> --
> Han Solo:
> Wonderful girl! Either I'm going to kill her
> or I'm beginning to like her.
>
Received on Tue Nov 18 2008 - 23:31:38 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 19 2008 - 12:00:04 MST