Re: [squid-users] Strange Facebook Problems

From: Jason <jason_at_azii.net>
Date: Thu, 20 Aug 2009 12:44:34 -0700

Amos Jeffries wrote:
> On Wed, 19 Aug 2009 20:58:19 -0700, Jason <jason_at_azii.net> wrote:
>
>> Everyone,
>>
>> I am running squid 3.1.0.6, transparent/intercepting (non tproxy, non
>> wpad, etc), nat'ted network, and users are reporting problems using the
>> uploaders at the facebook website. When I explored this, here is what I
>> found:
>>
>> Facebook has two upload methods, a newer Java-based one, and an older
>> HTML forms (I think) based one.
>>
>> 1. Both uploaders work perfectly when I bypass squid.
>>
>> 2. With Internet Explorer, the old uploader works fine.
>>
>> 3. With Internet Explorer, the new uploader fails at first. If you
>> immediately hit the "Upload" button after the failure, it works.
>>
>> 4. With Firefox, the old uploader gives this error from squid:
>> ERROR
>> The requested URL could not be retrieved
>> The following error was encountered while trying to retrieve the URL:
>> http://upload.facebook.com/photos_upload.php
>> Connection to upload.facebook.com failed.
>> The system returned: (110) Connection timed out
>> The remote host or network may be down. Please try the request again.
>> Your cache administrator is yours truly.
>>
>> 5. With Firefox, the new uploader fails at first. If you immediately
>> hit the "Upload" button after a failure, it works (just like the IE
>> case).
>>
>> On the proxy machine:
>> tcp_window_scaling is off
>> tcp_ecn is off
>> .facebook.com is in the "always direct" list I maintain.
>>
>>
>> Any help in solving this would be great!
>>
>> Jason
>>
>> Below is my Config:
>> qos_flows local-hit=0x30
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32
>> acl to_localhost dst 127.0.0.0/8
>> acl Safe_ports port 80 # http
>> acl CONNECT method CONNECT
>> http_access allow manager localhost
>> http_access deny manager
>> acl our_networks src 10.0.0.0/16
>> http_access allow our_networks
>> http_access allow localhost
>> acl directlist dstdomain "/etc/squid/directsites"
>> always_direct allow directlist
>> http_access deny all
>> http_reply_access allow our_networks
>> http_reply_access allow localhost
>> http_reply_access deny all
>> icp_access deny all
>> htcp_access deny all
>> htcp_clr_access deny all
>> miss_access allow our_networks
>> miss_access allow localhost
>> miss_access deny all
>> http_port 10.0.0.1:3594 transparent disable-pmtu-discovery=transparent
>> http_port 127.0.0.1:3594 transparent disable-pmtu-discovery=transparent
>> cache_mem 128 MB
>> memory_replacement_policy heap GDSF
>> cache_replacement_policy heap LFUDA
>> cache_dir aufs /squida 21760 16 256
>> cache_dir aufs /squidb 21760 16 256
>> cache_dir aufs /squidc 21760 16 256
>> max_open_disk_fds 0
>> minimum_object_size 0 KB
>> maximum_object_size 10 MB
>> cache_swap_low 95
>> cache_swap_high 97
>> access_log /var/log/squid/access.log
>> cache_log /var/log/squid/cache.log
>> cache_store_log /var/log/squid/store.log
>> mime_table /etc/squid/mime.conf
>> pid_filename /var/run/squid.pid
>> log_fqdn off
>> strip_query_terms off
>> unlinkd_program /usr/lib/squid/unlinkd
>> url_rewrite_program /usr/bin/squidGuard
>> url_rewrite_children 32
>> url_rewrite_concurrency 0
>> url_rewrite_host_header on
>> url_rewrite_bypass off
>> refresh_pattern (cgi-bin|\?) 0 0% 0
>> refresh_pattern . 0 20% 4320
>> quick_abort_min 50 KB
>> quick_abort_max 50 KB
>> quick_abort_pct 50
>> read_ahead_gap 16 KB
>> negative_ttl 0 minutes
>> positive_dns_ttl 5 minutes
>> negative_dns_ttl 10 seconds
>> range_offset_limit 0 KB
>> request_header_max_size 128 KB
>> reply_header_max_size 128 KB
>> ie_refresh on
>> request_entities on
>> forward_timeout 1 minutes
>> connect_timeout 20 seconds
>> shutdown_lifetime 3 seconds default
>> cache_mgr support_at_azii.net
>> cache_effective_user proxy
>> cache_effective_group proxy
>> visible_hostname integrityinternet.net
>> snmp_port 45656
>> snmp_access allow our_networks
>> snmp_access allow localhost
>> snmp_access deny all
>> snmp_incoming_address 10.0.0.1
>> icon_directory /usr/share/squid/icons
>> dns_nameservers 127.0.0.1
>> ipcache_size 5120
>> ipcache_low 95
>> ipcache_high 97
>> fqdncache_size 5120
>> memory_pools_limit 512 MB
>> client_db off
>> uri_whitespace strip
>> coredump_dir /squida
>> pipeline_prefetch off
>> client_persistent_connections off
>> server_persistent_connections off
>>
>
>
> Please note that "always_direct" does not mean the URLs bypass Squid. It
> means that squid will not pass those requests to a cache_peer server. Of
> which you have none, meaning the always_direct is merely wasting CPU time.
>
> Please try these:
>
> * a current release of 3.1
>
> * turning persistent connections ON.
> client_persistent_connections off
> server_persistent_connections off
>
>
> Amos
>
>
>
Amos,

    Thank you for replying. I've tried persistent_connections both
ways, with no difference. Next, I'll try the latest squid 3.1. Also
thanks for the tip regarding always_direct. I thought it meant that
squid would not look in its cache for that site.

Jason
Received on Thu Aug 20 2009 - 19:44:02 MDT
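
The distinction discussed in this thread, as an added squid.conf illustration that is not part of the original posts. It reuses the `directlist` ACL from the posted config and contrasts `always_direct` with the `cache` directive, which is the one that controls whether Squid answers from or stores into its cache.

```conf
# Added illustration; ACL name and file path are taken from the config posted above.
acl directlist dstdomain "/etc/squid/directsites"

# Peer selection only: never forward these requests to a cache_peer.
# Requests still pass through Squid and may still be served from its cache.
# With no cache_peer configured, this line has no effect on traffic.
always_direct allow directlist

# Cache control: do not answer these requests from the cache and do not
# store the replies. Requests still pass through Squid.
cache deny directlist

# Neither directive bypasses Squid. On an intercepting proxy, a real bypass
# has to be made in the firewall/NAT rule that redirects port 80 to Squid,
# by exempting the destination before that rule matches.
```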
