Re: [squid-users] Strange Facebook Problems

On Wed, 19 Aug 2009 20:58:19 -0700, Jason <jason_at_azii.net> wrote:
> Everyone,
>
> I am running squid 3.1.0.6, transparent/intercepting (non tproxy, non
> wpad, etc), nat'ted network, and users are reporting problems using the
> uploaders at the facebook website. When I explored this, here is what I
> found:
>
> Facebook has two upload methods, a newer java based one, and an older
> html forms (i think) based one.
>
> 1. Both uploaders work perfectly when I bypass squid.
>
> 2. With internet explorer, the old uploader works fine
>
> 3. With Internet Explorer, the new uploader fails at first. If you
> immediately hit the "Upload" button after the failure, it works.
>
> 4. With Firefox, the old uploader gives this error from squid:
> ERROR
> The requested URL could not be retrieved
> The following error was encountered while trying to retrieve the URL:
> http://upload.facebook.com
> /photos_upload.php
> Connection to upload.facebook.com failed.
> The system returned: (110) Connection timed out
> The remote host or network may be down. Please try the request again.
> Your cache administrator is yours truly.
>
> 5. With Firefox, the new uploader fails at first. If you immediately
> hit the "Upload" button after a failure, it works (just like the IE
case).
>
> On the proxy machine:
> tcp_window_scaling is off
> tcp_ecn is off
> .facebook.com is in the "always direct" list I maintain.
>
>
> Any help in solving this would be great!
>
> Jason
>
> Below is my Config:
> qos_flows local-hit=0x30
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl Safe_ports port 80 # http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> acl our_networks src 10.0.0.0/16
> http_access allow our_networks
> http_access allow localhost
> acl directlist dstdomain "/etc/squid/directsites"
> always_direct allow directlist
> http_access deny all
> http_reply_access allow our_networks
> http_reply_access allow localhost
> http_reply_access deny all
> icp_access deny all
> htcp_access deny all
> htcp_clr_access deny all
> miss_access allow our_networks
> miss_access allow localhost
> miss_access deny all
> http_port 10.0.0.1:3594 transparent disable-pmtu-discovery=transparent
> http_port 127.0.0.1:3594 transparent disable-pmtu-discovery=transparent
> cache_mem 128 MB
> memory_replacement_policy heap GDSF
> cache_replacement_policy heap LFUDA
> cache_dir aufs /squida 21760 16 256
> cache_dir aufs /squidb 21760 16 256
> cache_dir aufs /squidc 21760 16 256
> max_open_disk_fds 0
> minimum_object_size 0 KB
> maximum_object_size 10 MB
> cache_swap_low 95
> cache_swap_high 97
> access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
> mime_table /etc/squid/mime.conf
> pid_filename /var/run/squid.pid
> log_fqdn off
> strip_query_terms off
> unlinkd_program /usr/lib/squid/unlinkd
> url_rewrite_program /usr/bin/squidGuard
> url_rewrite_children 32
> url_rewrite_concurrency 0
> url_rewrite_host_header on
> url_rewrite_bypass off
> refresh_pattern (cgi-bin|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> quick_abort_min 50 KB
> quick_abort_max 50 KB
> quick_abort_pct 50
> read_ahead_gap 16 KB
> negative_ttl 0 minutes
> positive_dns_ttl 5 minutes
> negative_dns_ttl 10 seconds
> range_offset_limit 0 KB
> request_header_max_size 128 KB
> reply_header_max_size 128 KB
> ie_refresh on
> request_entities on
> forward_timeout 1 minutes
> connect_timeout 20 seconds
> shutdown_lifetime 3 seconds default
> cache_mgr support_at_azii.net
> cache_effective_user proxy
> cache_effective_group proxy
> visible_hostname integrityinternet.net
> snmp_port 45656
> snmp_access allow our_networks
> snmp_access allow localhost
> snmp_access deny all
> snmp_incoming_address 10.0.0.1
> icon_directory /usr/share/squid/icons
> dns_nameservers 127.0.0.1
> ipcache_size 5120
> ipcache_low 95
> ipcache_high 97
> fqdncache_size 5120
> memory_pools_limit 512 MB
> client_db off
> uri_whitespace strip
> coredump_dir /squida
> pipeline_prefetch off
> client_persistent_connections off
> server_persistent_connections off

Please note that "always_direct" does not mean the URLs bypass Squid. It
means that squid will not pass those requests to a cache_peer server. Of
which you have none, meaning the always_direct is merely wasting CPU time.

Please try these:

* a current release of 3.1

* turning persistent connections ON.
client_persistent_connections off
server_persistent_connections off

Amos
Received on Thu Aug 20 2009 - 04:59:10 MDT