Bollhalder, Andreas wrote:
> Hello
>
> We are in the progress to replace our old Squid 2.4 caches with new
> ones. We testet on Ubuntu and Gentoo with Squid 2.7.x. Our setup
> includes a local Squid and a parent Squid in the DMZ where the local
> Squid connects to the parent with ICP. The parent Squid also serves the
> clients of ist subnet diretly. Everything is working fine with the new
> Squid, except one web site. When connecting to
>
> http://www.buero-schoch.ch
>
> the site starts loading, then the loading get stalled and after some
> minutes the site is loaded completly. In the logs, I couldn't find
> anything special. I used WGET to retrieve the headers:
>
> On the old Squid 2.4:
> HTTP request sent, awaiting response...
> 1 HTTP/1.1 200 OK
> 2 Content-Type: text/html;charset=iso-8859-1
> 3 Set-Cookie: fe_typo_user=fcdc25dec3; path=/
> 4 Server: Oracle-Application-Server-10g/9.0.4.0.0 Oracle-HTTP-Server
> OracleAS-Web-Cache-10g/9.0.4.0.0 (N)
> 5 Connection: Close
> 6 Date: Fri, 27 Mar 2009 17:01:13 GMT
> 7 X-Powered-By: PHP/4.3.10
> 8 X-Pad: avoid browser bug
> 200 OK
>
> On the new Squid 2.7:
> HTTP request sent, awaiting response...
> HTTP/1.1 200 OK
> Content-Type: text/html;charset=iso-8859-1
> Set-Cookie: fe_typo_user=99d58268d6; path=/
> Server: Oracle-Application-Server-10g/9.0.4.0.0 Oracle-HTTP-Server
> OracleAS-Web-Cache-10g/9.0.4.0.0 (N)
> Connection: Close
> Date: Mon, 30 Mar 2009 05:40:16 GMT
> X-Powered-By: PHP/4.3.10
> Length: unspecified [text/html]
>
> Here is a difference for "X-Pad: avoid browser bug", but Squid shouldn't
> be a Netscape Navigator...
>
>
> We have this behavior with both Squids of version 2.7 (Ubuntu and
> Gentoo). The problem seems to be with the version 2.7. It does not
> depend if I connect over the child -> parent squid or make a direct
> connect to the parent Squid from its subnet.
>
> Here is the configuration of the parent Squid, where the localnet can
> use it directly too.
>
> On Gentoo with
> net-proxy/squid-2.7.6 USE="logrotate pam ssl"
>
> ------------------------------------------------------------
> /etc/squid/squid.conf:
> ----------------------
> acl all src all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl localnet src <LOCAL_NET>/27
> acl icpchilds src <CHILD_1>/32
> acl icpchilds src <CHILD_2>/32
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 901 # SWAT
> acl purge method PURGE
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localnet
> http_access allow icpchilds
> http_access allow localhost
> http_access deny all
> icp_access allow icpchilds
> icp_access deny all
> http_port <LOCAL_IP>:8080
> hierarchy_stoplist cgi-bin ?
> cache_mem 128 MB
> cache_dir aufs /var/cache/squid 1024 16 256 access_log
> /var/log/squid/access.log squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
> upgrade_http0.9 deny shoutcast
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> visible_hostname prx02
> icp_port 3130
> udp_incoming_address <LOCAL_IP>
> forwarded_for off
> coredump_dir /var/cache/squid
> ------------------------------------------------------------
>
> Any ideas where the problem is ? Anyone out there who encountered the
> same problem ?
>
> Sincerly
> Andreas Bollhalder-Bello
I can't see anything obvious there in your squid settings.
Recent other users seeing slowness like this found a dst domain ACL in
use and some DNS overload slowing Squid down. Check the config of both
proxies anyway.
FWIW: I spent 50 seconds waiting for that site to load just now with no
squid in between. Followup requests, even forced non-cachable just in
case. All showed 5sec.
I suspect there is something seriously slow at the server end of things
for first time visitors.
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6Received on Mon Mar 30 2009 - 07:31:38 MDT
This archive was generated by hypermail 2.2.0 : Mon Mar 30 2009 - 12:00:02 MDT