RE: Re: [squid-users] Slow basic authentication from Bucci, David G on 2010-08-19 (squid-users)

From: Bucci, David G <david.g.bucci_at_lmco.com>
Date: Thu, 19 Aug 2010 09:48:14 -0400

Thank you, Amos -- it had to do with the dual NICs on the server, and weird routing between the two subnets represented.

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Thursday, August 19, 2010 5:52 AM
To: squid-users_at_squid-cache.org
Subject: EXTERNAL: Re: [squid-users] Slow basic authentication

Bucci, David G wrote:
> Hi - I've got Squid configured on both the client and server (reference recent discussions on establishing an SSL tunnel for all traffic from a client to a server -- I'm using that configuration, though I've yet to turn on the SSL).
>
> I'm seeing inconsistent, and generally slow behavior when accessing our origin server, which requires basic authentication. Sometimes the browser prompts for uid/pw, sometimes it doesn't, and often it takes a loooong time.
>

Since you don't have the SSL yet it should be easy to grab a packet trace of the headers flowing between the two Squid and see whats going on that takes so long.

> Using the Windows distro of 2.7 from Acme, build 8.
>
> Are there any tuning options necessary when caching against servers that send back a 401 initially? Though I didn't think it was correct, I've tried login=PASS on the cache_peer line in the client.
>

Should not matter 401 challenge headers are supposed to be passed straight through Squid.

> Note that I have cache deny all set, on both the client and the serve, and proxy-only in the client's cache_peer parent line -- we're proxying access to web service calls, all of which should return unique results, so no caching needed/wanted.
>

Squid still needs to pass them through store in transit. Ensuring the presence of a Content-Length header can prevent Squid falling back on disk storage for temporary unknown-length objects. And a cache_mem at least big enough to store the required in-transit ones lets them fly past quickly.

I don't think that is related to the problem though.

> When I set Firefox to NOT use the procy, there I no slowdown, I get immediately prompted for uid/pw.
>

Amos

--
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.6
   Beta testers wanted for 3.2.0.1

Received on Thu Aug 19 2010 - 13:48:28 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 19 2010 - 12:00:02 MDT