Re: [squid-users] Uploads not working behind squid proxy

From: Crawford, Ben <bcrawford_at_sohs.school.nz>
Date: Thu, 12 Jul 2012 10:21:30 +1200

As requested, a more detailed squid.conf:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl localnet src 10.161.128.0/20
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
cache_peer 10.55.240.250 parent 3128 3130 no-query default login=PASS
http_access allow manager localhost
http_access allow localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_port 10.161.128.11:3128 intercept
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320

Ben

On 12 July 2012 04:25, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
> Two things:
> Post a more detailed squid.conf to see if there is something wrong there.
>
> I am using squid 3.1.19 and 3.2.16-17 and it works, like for many others.
> This problem can be an issue about routing and not related to squid at all.
>
> a 504 code is:
> 10.5.5 504 Gateway Timeout
>
> The server, while acting as a gateway or proxy, did not receive a timely
> response from the upstream server specified by the URI (e.g. HTTP, FTP,
> LDAP) or some other auxiliary server (e.g. DNS) it needed to access in
> attempting to complete the request.
>
> Note: Note to implementors: some deployed proxies are known to
> return 400 or 500 when DNS lookups time out.
>
>
> Is there any enforcement on the usage of the cache_peer on the IP level? i.e.
> without the cache_peer proxy can you get sites fine?
>
> Eliezer
>
>
> On 7/11/2012 12:42 PM, Crawford, Ben wrote:
>>
>> Hi All,
>>
>> I have run into a problem with not being able to access a few specific
>> things on the web when running through our local proxy.
>>
>> Some details:
>> * The current setup is a Linux box running squid 3.1.19.
>> * This is being run behind a pfsense box that is load balancing our
>> two internet connections
>> * Both internet connections are behind the same proxy (we are actually
>> on a private network), which is set as the parent for our internal
>> proxy
>> * Squid is running in intercept mode
>>
>> With this setup, most things work as expected; I can visit web pages,
>> watch youtube videos, upload attachments to gmail. However, some
>> things are not working. The easiest example is speedtest.net. I can
>> run the download test, but the upload test always fails. Trying to
>> watch content on tvnz.co.nz (on demand content) does not work either.
>>
>> When running traffic without our internal proxy (i.e. direct to the
>> parent) everything works fine. I'm stuck and can't find any
>> solutions.
>>
>> Here is what I have tried so far:
>> * First, I was hoping to run squid on the pfsense box, but ran into
>> similar problems, so I tried to isolate the problem by putting in the
>> Linux box. (never a bad idea to be running a more recent version of
>> squid either, it may be needed shortly for some of the newer features
>> anyway)
>> * Instead of running my full squid.conf, I am using the default
>> squid.conf with just the extra line to access the parent (cache_peer
>> 10.55.240.250 parent 3128 3130 no-query default login=PASS)
>> * I've read bits and pieces about similar problems dealing with sysctl
>> and some ipv4 settings. None of this seemed to apply, and what I did
>> try didn't work.
>> * Checking on the specific web pages in firefox using firebug and I
>> can see some 504 errors (seemingly only on POST) - this led me to
>> check the logs for POST with 504 errors (see logs below)
>> * Checked the problem in IE, Chrome and Firefox
>> * Lots of googling and reading of squid documentation
>>
>> Here is what is showing in the squid logs where there is a 504 with a
>> POST, you'll notice that most are for the local speedtest.net testing.
>> I figured not much point finding lots of sites when just a few are
>> causing problems.
>>
>> 1342030821.058 59542 10.161.128.34 TCP_MISS/504 4301 POST http://speedtest.worldnet.co.nz/speedtest.net/speedtest/upload.php? - DIRECT/202.169.192.58 text/html
>> 1342030821.058 59536 10.161.128.34 TCP_MISS/504 4300 POST http://speedtest.worldnet.co.nz/speedtest.net/speedtest/upload.php? - DIRECT/202.169.192.58 text/html
>> 1342039010.134 60806 10.161.128.34 TCP_MISS/504 4285 POST http://rt1403.infolinks.com/action/doq.htm? - DIRECT/64.71.153.213 text/html
>> 1342039947.624 59642 10.161.128.34 TCP_MISS/504 4834 POST http://c.brightcove.com/services/messagebroker/amf? - DIRECT/8.19.200.152 text/html
>> 1342040562.565 61340 10.161.128.34 TCP_MISS/504 4469 POST http://2975c.v.fwmrm.net/ad/p/1? - DIRECT/75.98.70.31 text/html
>> 1342040573.047 59531 10.161.128.34 TCP_MISS/504 4834 POST http://c.brightcove.com/services/messagebroker/amf? - DIRECT/8.19.200.152 text/html
>> 1342040679.001 59688 10.161.128.34 TCP_MISS/504 4838 POST http://c.brightcove.com/services/messagebroker/amf? - DIRECT/64.152.208.202 text/html
>> 1342040700.694 59871 10.161.128.34 TCP_MISS/504 4469 POST http://2975c.v.fwmrm.net/ad/p/1? - DIRECT/75.98.70.31 text/html
>> 1342040742.908 60168 10.161.128.34 TCP_MISS/504 4295 POST http://speedtest.orcon.net.nz/speedtest/upload.php? - DIRECT/219.88.241.70 text/html
>> 1342040742.908 60162 10.161.128.34 TCP_MISS/504 4296 POST http://speedtest.orcon.net.nz/speedtest/upload.php? - DIRECT/219.88.241.70 text/html
>> 1342042640.381 60407 10.161.128.34 TCP_MISS/504 4295 POST http://speedtest.orcon.net.nz/speedtest/upload.php? - DIRECT/219.88.241.70 text/html
>> 1342042640.381 60026 10.161.128.34 TCP_MISS/504 4297 POST http://speedtest.orcon.net.nz/speedtest/upload.php? - DIRECT/219.88.241.70 text/html
>> 1342042921.326 60879 10.161.128.34 TCP_MISS/504 4831 POST http://c.brightcove.com/services/messagebroker/amf? - DIRECT/64.152.208.202 text/html
>>
>>
>> Any suggestions about getting the rest of the web up running through
>> our local squid would be most appreciated.
>>
>> Cheers,
>> Ben
>>
>
>
> --
> Eliezer Croitoru
> https://www1.ngtech.co.il
> IT consulting for Nonprofit organizations
> eliezer <at> ngtech.co.il
>
>
Received on Wed Jul 11 2012 - 22:21:39 MDT
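
Every failing POST in the log excerpt quoted above carries the hierarchy code DIRECT and roughly 60 seconds of elapsed time, even though a parent is configured with cache_peer. The following is an added example, not code from the thread or from the Squid project, that parses native-format access.log lines and isolates such entries; the sample log is constructed (two lines modelled on the quoted entries, one invented DEFAULT_PARENT line for contrast), and the function names and the 55-second threshold are assumptions.

```python
from collections import Counter

# Constructed sample in Squid's native access.log format. The first two lines
# are modelled on entries quoted in the thread; the third is invented.
SAMPLE_LOG = """\
1342030821.058 59542 10.161.128.34 TCP_MISS/504 4301 POST http://speedtest.worldnet.co.nz/speedtest.net/speedtest/upload.php? - DIRECT/202.169.192.58 text/html
1342039947.624 59642 10.161.128.34 TCP_MISS/504 4834 POST http://c.brightcove.com/services/messagebroker/amf? - DIRECT/8.19.200.152 text/html
1342040000.000 212 10.161.128.34 TCP_MISS/200 5120 GET http://example.org/ - DEFAULT_PARENT/10.55.240.250 text/html
this line is truncated
"""


def parse_line(line):
    """Split one native-format line into a dict, or return None if malformed."""
    f = line.split()
    # Fields: time elapsed client code/status bytes method URL ident hier/peer type
    if len(f) < 10 or "/" not in f[3] or "/" not in f[8]:
        return None
    result, status = f[3].split("/", 1)
    hier, peer = f[8].split("/", 1)
    try:
        return {"elapsed_ms": int(f[1]), "client": f[2], "result": result,
                "status": int(status), "method": f[5], "url": f[6],
                "hier": hier, "peer": peer}
    except ValueError:
        return None


def direct_timeouts(log_text, min_elapsed_ms=55000):
    """Return 504 entries that were forwarded DIRECT and waited about a minute.

    endswith() also matches prefixed forms of the code such as HIER_DIRECT.
    The threshold is an assumption chosen to fit the thread's ~60 s entries.
    """
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if (e and e["status"] == 504 and e["hier"].endswith("DIRECT")
                and e["elapsed_ms"] >= min_elapsed_ms):
            hits.append(e)
    return hits


def summarize(log_text):
    """Count (method, hierarchy code) pairs among the DIRECT timeouts."""
    return Counter((e["method"], e["hier"]) for e in direct_timeouts(log_text))


if __name__ == "__main__":
    for (method, hier), n in summarize(SAMPLE_LOG).items():
        print(f"{n} x {method} via {hier} -> 504")
```

Whether Squid may bypass a configured parent for such requests is governed by its `never_direct` and `nonhierarchical_direct` directives.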
