Re: [squid-users] Strange Facebook Problems

From: Jason <jason_at_azii.net>
Date: Thu, 20 Aug 2009 23:08:35 -0700

Amos Jeffries wrote:
> Jason wrote:
>> Amos Jeffries wrote:
>>> On Wed, 19 Aug 2009 20:58:19 -0700, Jason <jason_at_azii.net> wrote:
>>>
>>>> Everyone,
>>>>
>>>> I am running squid 3.1.0.6, transparent/intercepting (non tproxy,
>>>> non wpad, etc), nat'ted network, and users are reporting problems
>>>> using the uploaders at the facebook website. When I explored this,
>>>> here is what I found:
>>>>
>>>> Facebook has two upload methods, a newer java based one, and an
>>>> older html forms (i think) based one.
>>>>
>>>> 1. Both uploaders work perfectly when I bypass squid.
>>>>
>>>> 2. With internet explorer, the old uploader works fine
>>>>
>>>> 3. With Internet Explorer, the new uploader fails at first. If
>>>> you immediately hit the "Upload" button after the failure, it works.
>>>>
>>>> 4. With Firefox, the old uploader gives this error from squid:
>>>> ERROR
>>>> The requested URL could not be retrieved
>>>> The following error was encountered while trying to retrieve the
>>>> URL: http://upload.facebook.com
>>>> /photos_upload.php
>>>> Connection to upload.facebook.com failed.
>>>> The system returned: (110) Connection timed out
>>>> The remote host or network may be down. Please try the request again.
>>>> Your cache administrator is yours truly.
>>>>
>>>> 5. With Firefox, the new uploader fails at first. If you
>>>> immediately hit the "Upload" button after a failure, it works (just
>>>> like the IE
>>>>
>>> case).
>>>
>>>> On the proxy machine:
>>>> tcp_window_scaling is off
>>>> tcp_ecn is off
>>>> .facebook.com is in the "always direct" list I maintain.
>>>>
>>>>
>>>> Any help in solving this would be great!
>>>>
>>>> Jason
>>>>
>>>> Below is my Config:
>>>> qos_flows local-hit=0x30
>>>> acl manager proto cache_object
>>>> acl localhost src 127.0.0.1/32
>>>> acl to_localhost dst 127.0.0.0/8
>>>> acl Safe_ports port 80 # http
>>>> acl CONNECT method CONNECT
>>>> http_access allow manager localhost
>>>> http_access deny manager
>>>> acl our_networks src 10.0.0.0/16
>>>> http_access allow our_networks
>>>> http_access allow localhost
>>>> acl directlist dstdomain "/etc/squid/directsites"
>>>> always_direct allow directlist
>>>> http_access deny all
>>>> http_reply_access allow our_networks
>>>> http_reply_access allow localhost
>>>> http_reply_access deny all
>>>> icp_access deny all
>>>> htcp_access deny all
>>>> htcp_clr_access deny all
>>>> miss_access allow our_networks
>>>> miss_access allow localhost
>>>> miss_access deny all
>>>> http_port 10.0.0.1:3594 transparent disable-pmtu-discovery=transparent
>>>> http_port 127.0.0.1:3594 transparent
>>>> disable-pmtu-discovery=transparent
>>>> cache_mem 128 MB
>>>> memory_replacement_policy heap GDSF
>>>> cache_replacement_policy heap LFUDA
>>>> cache_dir aufs /squida 21760 16 256
>>>> cache_dir aufs /squidb 21760 16 256
>>>> cache_dir aufs /squidc 21760 16 256
>>>> max_open_disk_fds 0
>>>> minimum_object_size 0 KB
>>>> maximum_object_size 10 MB
>>>> cache_swap_low 95
>>>> cache_swap_high 97
>>>> access_log /var/log/squid/access.log
>>>> cache_log /var/log/squid/cache.log
>>>> cache_store_log /var/log/squid/store.log
>>>> mime_table /etc/squid/mime.conf
>>>> pid_filename /var/run/squid.pid
>>>> log_fqdn off
>>>> strip_query_terms off
>>>> unlinkd_program /usr/lib/squid/unlinkd
>>>> url_rewrite_program /usr/bin/squidGuard
>>>> url_rewrite_children 32
>>>> url_rewrite_concurrency 0
>>>> url_rewrite_host_header on
>>>> url_rewrite_bypass off
>>>> refresh_pattern (cgi-bin|\?) 0 0% 0
>>>> refresh_pattern . 0 20% 4320
>>>> quick_abort_min 50 KB
>>>> quick_abort_max 50 KB
>>>> quick_abort_pct 50
>>>> read_ahead_gap 16 KB
>>>> negative_ttl 0 minutes
>>>> positive_dns_ttl 5 minutes
>>>> negative_dns_ttl 10 seconds
>>>> range_offset_limit 0 KB
>>>> request_header_max_size 128 KB
>>>> reply_header_max_size 128 KB
>>>> ie_refresh on
>>>> request_entities on
>>>> forward_timeout 1 minutes
>>>> connect_timeout 20 seconds
>>>> shutdown_lifetime 3 seconds default
>>>> cache_mgr support_at_azii.net
>>>> cache_effective_user proxy
>>>> cache_effective_group proxy
>>>> visible_hostname integrityinternet.net
>>>> snmp_port 45656
>>>> snmp_access allow our_networks
>>>> snmp_access allow localhost
>>>> snmp_access deny all
>>>> snmp_incoming_address 10.0.0.1
>>>> icon_directory /usr/share/squid/icons
>>>> dns_nameservers 127.0.0.1
>>>> ipcache_size 5120
>>>> ipcache_low 95
>>>> ipcache_high 97
>>>> fqdncache_size 5120
>>>> memory_pools_limit 512 MB
>>>> client_db off
>>>> uri_whitespace strip
>>>> coredump_dir /squida
>>>> pipeline_prefetch off
>>>> client_persistent_connections off
>>>> server_persistent_connections off
>>>>
>>>
>>>
>>> Please note that "always_direct" does not mean the URLs bypass
>>> Squid. It
>>> means that squid will not pass those requests to a cache_peer
>>> server. Of
>>> which you have none, meaning the always_direct is merely wasting CPU
>>> time.
>>>
>>> Please try these:
>>>
>>> * a current release of 3.1
>>>
>>> * turning persistent connections ON.
>>> client_persistent_connections off
>>> server_persistent_connections off
>>>
>>>
>>> Amos
>>>
>>>
>>>
>> Amos,
>>
>> Thank you for replying. I've tried persistent_connections both
>> ways, with no difference. Next, I'll try the latest squid 3.1. Also
>> thanks for the tip regarding always_direct. I thought it meant that
>> squid would not look in its cache for that site.
>>
>> Jason
>>
>
> Ah, to not use the local storage its the "cache" directive with ACLs
> describing what not to store.
> http://www.squid-cache.org/Doc/config/cache/
>
> Amos
I've compiled and am running on squid 3.1.0.13, still having the
problems with facebook. The 3.1.0.13 error pages in squid are nicer to
look at than the 3.1.0.6 pages were, however!

Anyone have any other ideas? Could it be that something in the http
communication is breaking down?

Jason
Received on Fri Aug 21 2009 - 06:08:08 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 21 2009 - 12:00:03 MDT