[squid-users] proxy.pac + squid + iexplore issue

From: Gonzalo PG <gontzalp_at_gmail.com>
Date: Wed, 27 May 2009 17:14:21 +0200

Hello,

I'm running Squid Cache: Version 3.0.STABLE13 with NTLM auth, using
samba-3.2.10 and winbind, also SquidGuard 1.4.

We are going to improve our structure with "load balancing" + "high
availability" with two servers running squid and a proxy.pac file (I
would prefer to do this with LVS + Heartbeat, but at the moment the
accepted solution is this). In this proxy.pac one subnet will go
through proxy1 and the other through proxy2, but when one of the
proxies goes down the file will redirect to the other.

I've read about an Internet Explorer issue with this configuration:
In the PAC file, it is perfectly valid to return back multiple proxy
servers in the return. The browser will first try to use the first
proxy and, should it timeout or appear to fail, retry the query on the
second and then third and so on. Again, this sounds relatively
harmless but Internet Explorer interprets "timeout" very loosely.
Experience has shown that if a user tries to access a WEB PAGE that
doesn’t respond back in a timely manner IE will decide that it is the
result of a proxy timeout and start sending requests to the secondary
proxy. Needless to say, if your proxies are geographically dispersed
this can start to spray traffic all across the WAN. This could be
potentially mitigated by doing very careful tuning with proxy and
Internet Explorer timeouts.

I would like to know if there is any parameter in the squid conf to prevent
this from occurring, or any way to make I.E. understand that the timeout
comes from the URL and not from the proxy.

Thanks a lot

Gontzal
Received on Wed May 27 2009 - 15:14:29 MDT
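
The PAC layout described in the message (one subnet per preferred proxy, with the other proxy as the fallback entry), sketched as an added example that is not part of the original post. The proxy host names, port 3128 and both subnets are constructed placeholders, and `chooseProxies`, `inSubnet` and `ipToInt` are hypothetical helper names.

```javascript
// Constructed placeholders: proxy names, port and subnets are not from the post.
var PROXY1 = "PROXY proxy1.example.internal:3128";
var PROXY2 = "PROXY proxy2.example.internal:3128";
var SUBNET_A = { net: "10.1.0.0", bits: 16 };  // clients that prefer proxy1
var SUBNET_B = { net: "10.2.0.0", bits: 16 };  // clients that prefer proxy2

// Dotted-quad IPv4 to number; null on malformed input. Plain loops and
// `var` only, so the file also parses in older PAC engines.
function ipToInt(ip) {
  var parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i])) return null;
    var octet = parseInt(parts[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when ip falls inside subnet.net/subnet.bits.
function inSubnet(ip, subnet) {
  var a = ipToInt(ip), b = ipToInt(subnet.net);
  if (a === null || b === null) return false;
  var size = Math.pow(2, 32 - subnet.bits);
  return Math.floor(a / size) === Math.floor(b / size);
}

// Ordered proxy list for a client address. The first entry is the preferred
// proxy; the second is tried only when the browser decides the first failed.
// No "DIRECT" entry: if both proxies are down the request fails instead of
// bypassing Squid authentication and SquidGuard filtering.
function chooseProxies(clientIp) {
  if (inSubnet(clientIp, SUBNET_A)) return PROXY1 + "; " + PROXY2;
  if (inSubnet(clientIp, SUBNET_B)) return PROXY2 + "; " + PROXY1;
  // Address outside both subnets (myIpAddress() can report 127.0.0.1 or an
  // unexpected interface on some hosts): fall back to a fixed order.
  return PROXY1 + "; " + PROXY2;
}

// PAC entry point. myIpAddress() is supplied by the browser's PAC runtime.
function FindProxyForURL(url, host) {
  return chooseProxies(myIpAddress());
}
```

Keeping the selection logic in `chooseProxies` lets the subnet mapping be checked outside a browser before the file is published to clients.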

This archive was generated by hypermail 2.2.0 : Thu May 28 2009 - 12:00:01 MDT