[squid-users] Strange browser behavior / issue with proxy autoconfiguration file

From: Stefan Baur <newsgroups.mail2_at_stefanbaur.de>
Date: Wed, 10 Mar 2010 10:45:37 +0100

Hi list,

I'm not sure if this is a squid issue - probably not - but since the FAQ
mentions proxy autoconfiguration files in quite some detail, I'm hoping
that the folks that came up with the examples in the FAQ are reading
along and might provide some insight on my issue, or maybe even a solution.

I'm using Iceweasel (Debian Lenny's rebranded Firefox) 3.0.6-3,
Squid 2.7.STABLE3-4.1lenny1, and the following proxy autoconfiguration file:

function FindProxyForURL(url, host) {
if (
     isPlainHostName(host) ||
     isInNet(host, "192.168.0.0", "255.255.0.0") ||
     isInNet(host, "172.16.0.0", "255.240.0.0") ||
     isInNet(host, "10.0.0.0", "255.0.0.0")
    )
    {
     return "DIRECT";
     // This excludes plain host names
     // (WINS, non-FQDNs) as well as the IP ranges
     // 192.168.0.0-192.168.255.255,
     // 172.16.0.0-172.31.255.255 and
     // 10.0.0.0-10.255.255.255
     // from the proxy service
     // (needed as the proxy is in the DMZ
     // and can't fetch pages from internal
     // addresses)
    } else {
     return "PROXY proxy.ip.here:8080;DIRECT";
     // Everything else should go through the proxy
    }
}

What happens is that as soon as an URL with a non-existent DNS name is
entered, the browser locks up for almost 90 seconds before it displays
Squid's DNS error message (ERR_DNS_FAIL).

I tried changing
return "PROXY proxy.ip.here:8080;DIRECT";
to
return "PROXY proxy.ip.here:8080";
as I thought it might freeze until it gets some sort of time out in the
"DIRECT" part.
That wasn't the case, though.

I also tried removing the isPlainHostName part, in case it would do some
sort of lookup that causes the delay, but that didn't help, either.
(I closed the browser between those attempts, so it wouldn't cache the
old config file somewhere.)

However, when I don't use the autoconfiguration file, but rather enter
the data directly in Iceweasel's proxy configuration screen
(Edit/Preferences/Advanced/Network/Connection: Settings), the
ERR_DNS_FAIL page upon hitting an invalid DNS name shows up instantly.

The Wiki/FAQ at
<http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers#Partially_Automatic_Configuration>
suggests using

if (!isResolvable(host))
return "DIRECT";

This probably won't work in my case, as none of my clients have access
to the "real" DNS (the DNS server they know only resolves internal
names, and that is intentional), so they'd always try to avoid the proxy
as they can't resolve any host name.

Also, working the opposite way, as in this example from
<http://docs.sun.com/app/docs/doc/820-1652/adysm?a=view>,

function FindProxyForURL(url, host)
     {
         if (isPlainhost name(host) ||
             isResolvable(host))
             return "DIRECT";
         else
             return "PROXY proxy.ip.here:8080";
     }
it still shows the freeze/lockup issue.

Any suggestions on how I can use an autoconfiguration file and still get
timely ERR_DNS_FAIL replies?

Kind Regards,
Stefan
Received on Wed Mar 10 2010 - 09:45:43 MST

This archive was generated by hypermail 2.2.0 : Thu Mar 11 2010 - 12:00:06 MST