[squid-users] Weird issue with some https pages from Jaime Gomez on 2012-03-07 (squid-users)

From: Jaime Gomez <Jaime.Gomez_at_cmcapitalmarkets.es>
Date: Wed, 07 Mar 2012 12:51:10 +0100

Hi all,

First of all I want to apologyse if this question has been solved before but I haven't found anything related with this.

We have a very weird issue with some https web pages. Some of them are very, very slow. After doing some debugging we have this in our cache.log

2012/03/07 11:10:41.072| httpParseInit: Request buffer is CONNECT ebanking.rbcdexia-is.es:443 HTTP/1.1
Host: ebanking.rbcdexia-is.es
2012/03/07 11:10:41.072| HttpMsg.cc(445) parseRequestFirstLine: parsing possible request: CONNECT ebanking.rbcdexia-is.es:443 HTTP/1.1
Host: ebanking.rbcdexia-is.es
2012/03/07 11:10:41.072| urlParse: Split URL 'ebanking.rbcdexia-is.es:443' into proto='', host='ebanking.rbcdexia-is.es', port='443', path=''
Host: ebanking.rbcdexia-is.es
2012/03/07 11:10:41.073| aclMatchDomainList: checking 'ebanking.rbcdexia-is.es'
2012/03/07 11:10:41.073| aclMatchDomainList: 'ebanking.rbcdexia-is.es' found
2012/03/07 11:10:41.073| The request CONNECT ebanking.rbcdexia-is.es:443 is ALLOWED, because it matched 'allowBancos'
2012/03/07 11:10:41.073| The request CONNECT ebanking.rbcdexia-is.es:443 is ALLOWED, because it matched 'allowBancos'
2012/03/07 11:10:41.073| clientProcessRequest: CONNECT 'ebanking.rbcdexia-is.es:443'
2012/03/07 11:10:41.074| tunnelStart: 'CONNECT ebanking.rbcdexia-is.es:443'
2012/03/07 11:10:41.074| fd_open() FD 20 ebanking.rbcdexia-is.es:443
2012/03/07 11:10:41.074| peerSelectFoo: 'CONNECT ebanking.rbcdexia-is.es'
2012/03/07 11:10:41.075| commConnectStart: FD 20, data 0x5b5fd60, ebanking.rbcdexia-is.es:443
2012/03/07 11:10:41.075| commConnectStart: FD 20, cb 0x5ac9200*1, ebanking.rbcdexia-is.es:443
2012/03/07 11:10:41.075| ipcache_nbgethostbyname: Name 'ebanking.rbcdexia-is.es'.
2012/03/07 11:10:41.075| ipcacheRelease: Releasing entry for 'ebanking.rbcdexia-is.es'
2012/03/07 11:10:41.075| ipcache_nbgethostbyname: MISS for 'ebanking.rbcdexia-is.es'
2012/03/07 11:10:41.075| idnsALookup: buf is 41 bytes for ebanking.rbcdexia-is.es, id = 0x5535
2012/03/07 11:11:41.079| errorConvert: %%U --> 'https://ebanking.rbcdexia-is.es/*'
2012/03/07 11:11:41.079| errorConvert: %%U --> 'https://ebanking.rbcdexia-is.es/*'
2012/03/07 11:11:41.079| errorConvert: %%W --> '?subject=CacheErrorInfo%20-%20ERR_CONNECT_FAIL&body=CacheHost%3A%2010.10.0.96%0D%0AErrPage%3A%20ERR_CONNECT_FAIL%0D%0AErr%3A%20(145)%20Connection%20timed%20out%0D%0ATimeStamp%3A%20Wed,%2007%20Mar%202012%2010%3A11%3A41%20GMT%0D%0A%0D%0AClientIP%3A%2010.11.7.199%0D%0A%0D%0AHTTP%20Request%3A%0D%0ACONNECT%20%2F%20HTTP%2F1.1%0AUser-Agent%3A%20Mozilla%2F5.0%20(Windows%20NT%205.0%3B%20rv%3A8.0.1)%20Gecko%2F20100101%20Firefox%2F8.0.1%0D%0AProxy-Connection%3A%20keep-alive%0D%0AHost%3A%20ebanking.rbcdexia-is.es%0D%0A%0D%0A%0D%0A'
2012/03/07 11:11:41.081| fd_close FD 20 ebanking.rbcdexia-is.es:443
2012/03/07 11:11:41.124| httpParseInit: Request buffer is CONNECT ebanking.rbcdexia-is.es:443 HTTP/1.1
Host: ebanking.rbcdexia-is.es
2012/03/07 11:11:41.124| HttpMsg.cc(445) parseRequestFirstLine: parsing possible request: CONNECT ebanking.rbcdexia-is.es:443 HTTP/1.1
Host: ebanking.rbcdexia-is.es
2012/03/07 11:11:41.124| urlParse: Split URL 'ebanking.rbcdexia-is.es:443' into proto='', host='ebanking.rbcdexia-is.es', port='443', path=''
Host: ebanking.rbcdexia-is.es
2012/03/07 11:11:41.124| aclMatchDomainList: checking 'ebanking.rbcdexia-is.es'
2012/03/07 11:11:41.124| aclMatchDomainList: 'ebanking.rbcdexia-is.es' found
2012/03/07 11:11:41.125| The request CONNECT ebanking.rbcdexia-is.es:443 is ALLOWED, because it matched 'allowBancos'
2012/03/07 11:11:41.125| The request CONNECT ebanking.rbcdexia-is.es:443 is ALLOWED, because it matched 'allowBancos

As you can see there is a one minute timeout and the web page begins to load again and succesfully. We have upgraded from Squid 2 to Squid 3.1.16 without success. Now we are running version 3.1.19. Here is the output of squid -v command:

Squid Cache: Version 3.1.19
configure options: '--prefix=/usr/local/squid' '--enable-poll' '--enable-external-acl-helpers=ip_user,unix_group' '--enable-auth=basic' '--enable-basic-auth-helpers=NCSA' '--enable-async-io' '--enable-icmp' '--enable-useragent-log' '--enable-cache-digests' '--enable-follow-x-forwarded-for' '--enable-storeio=diskd,ufs,aufs' '--with-pthreads' '--enable-removal-policies=heap,lru' '--with-maxfd=4096' '--with-aufs-threads=32' '--enable-http-violations' '--enable-truncate' '--enable-snmp' --with-squid=/tmp/squid-3.1.19 --enable-ltdl-convenience

Thanks in advance.

Regards,

Jaime.
Received on Wed Mar 07 2012 - 11:51:04 MST

This archive was generated by hypermail 2.2.0 : Wed Mar 07 2012 - 12:00:02 MST