We run a transparent squid proxy (2.5.STABLE9). Recently I've
received complaints about one site in particular: the Star Wars
Galaxies site (we're a high school, if that helps explain anything).
It takes a lot longer to load than any other site, and I'm at a loss
to explain why.
I have packet traces (which I can post if they'll help) which appear
to show that when Squid attempts the connection to the server, it
stalls and re-sends the initial request several times. My firewall
appears to disregard these additional packets. After 10-30 seconds,
the request does make it through, and then the page downloads
regularly.
Since it's only for this site, I'm fairly confident that it isn't a
general issue with my configuration. To help isolate the issue, I've
attempted the following:
- Connect straight through the firewall, with no transparent proxy.
The connection works fine, with no delay. This shows that taking
the squid box out of the equation resolves the problem.
- Connect to the server from the squid box, but do not route the
request through squid. The connection works fine. This shows that
taking the squid process out of the equation resolves the problem.
- Connect through squid, but using "real" proxy settings (instead of
interception). Site loading shows the delay. This shows that
*any* type of squid proxying (not just interception) causes the
issue.
Any suggestions on what I should try next? The URL I'm trying to hit
is:
http://forums.station.sony.com/swg/
My only guesses are some kind of weird TCP options, or the server not
liking extra headers added in by the squid server. I'm not saying
that squid is doing anything wrong (I have no problem telling the
users if the web server is behaving badly), but I need to have some
kind of proof to back it up.
TIA,
Jason
-- Jason Healy http://www.logn.net/Received on Thu Jan 12 2006 - 18:43:13 MST
This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:01 MST