[squid-users] https hanging on large attachments in webmail {Scanned}

From: Dean Durant <dean.durant@dont-contact.us>
Date: Thu, 8 May 2008 15:03:45 -0400

Hello, I have a squid that was working great with virtually all traffic.
Then a few days ago people began reporting issues with sites that used
https.

If it was a large amount of data to be transferred, like attaching a large
document to a webmail, it would just hang.

Other https sites that used java, or aspx, or things like that would
frequently hang too.

I'm at my wits end trying to figure out what went wrong. I didn't change
anything. If anyone has any ideas how I can troubleshoot this I would be
so grateful.

here is my squid.conf
---------------------------------------------------------------------------------------------------------------------
http_port 3128
http_port 80
https_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 168 MB

cache_dir ufs /usr/local/squid/cache 400 16 256

cache_access_log /usr/local/squid/logs/access.log

cache_log /usr/local/squid/logs/cache.log

pid_filename /usr/local/squid/logs/squid.pid

debug_options 4,10 26,3

ftp_sanitycheck off

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl fulda dst 130.0.0.0/255.0.0.0
acl origNet src 192.9.70.0/255.255.255.0
acl abyzNetU src 130.16.64.0/255.255.192.0
acl abyzNetW src 130.16.128.0/255.255.192.0
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl scanner dst 192.9.70.243
acl autoweb dst 67.109.76.29
acl SSL_ports port 443 563
acl Safe_ports port 1025-4000
acl CONNECT method CONNECT

acl awubi src 130.16.128.193
http_access allow awubi

acl hp dstdomain .hp.com
always_direct allow hp

acl gms dstdomain .gmsupplypower.com
always_direct allow gms

acl tpm dstdomain .tripmanager.com
always_direct allow tpm

acl avgate dstdomain .avgate.net
always_direct allow avgate

acl gm dstdomain .gm.com
always_direct allow gm

acl aweb dstdomain .autoweb.net
always_direct allow aweb

acl pgc dstdomain .puregreencars.com
always_direct allow pgc

acl vpn dstdomain .customer1.com
always_direct allow vpn

acl dcx dstdomain .customer1.com
always_direct allow dcx

acl ead dstdomain .abyzaerodef.com
always_direct allow ead

acl scott dstdomain .scottrade.com
always_direct allow scott

acl interstate dstdomain .interstatetraveler.us
always_direct allow interstate

acl volker1 dstdomain .cvent.com
always_direct allow volker1

acl sapallow dst 130.10.198.10/32
acl gmutils dst 130.170.126.202/32
acl gmutils2 dstdomain a.b.c.com
acl gmutils3 dstdomain .gm.com
acl gmutils4 dst 130.170.0.0/16
acl gmutils5 port 443
acl aribert dstdomain .dayrunner.com
acl mariusz src 130.16.128.127
acl ebay dstdomain .ebay.com
acl sols dst 198.63.61.35
acl sols2 dstdomain www2.abyz-us.com
acl sols3 dstdomain .abyz-us.com
acl chry4 dstdomain vpnpasswd.tcc.customer1.com
acl chry5 dstdomain roadmap.tcc.cser.com
acl chry6 dstdomain .customer1.com
acl chry7 dstdomain intra-wiw.e.customer1.com
acl chry8 dstdomain web3270.appl.customer1.com
acl chryextra dstdomain web3270.extra.customer1.com
acl chry9 dstdomain anywhere.customer1.com
acl hotel5 dst 15.173.128.247/32
acl hotel6 dst 155.72.128.147/32
acl brasil1 dst 200.245.73.181

acl abyz_forbidden url_regex
"/usr/local/squid/etc/abyzforbidden/abyz_blocked.txt"

acl abyz_forbidden_always url_regex
"/usr/local/squid/etc/abyzforbidden/abyz_deny.always"
acl abyz_forbidden_lunch url_regex
"/usr/local/squid/etc/abyzforbidden/abyz_deny.lunch"
http_access allow volker1
http_access allow scanner
http_access allow autoweb
http_access allow sapallow
http_access allow gmutils
http_access allow gmutils2
http_access allow gmutils4
http_access allow gmutils5
http_access allow ebay
http_access allow mariusz
http_access deny abyz_forbidden
http_access allow sols
http_access allow sols2
http_access allow sols3
http_access allow chry4
http_access allow chry5
http_access allow chry6
http_access allow chry7
http_access allow chry8
http_access allow chry9
http_access allow hotel5
http_access allow hotel6
http_access allow brasil1
http_access allow aribert
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow fulda
http_access allow origNet
http_access allow abyzNetW
http_access allow abyzNetU

http_access deny all

http_reply_access allow all

icp_access allow all

cache_mgr help@abyz-us.com

cache_effective_user squid
cache_effective_group squid
visible_hostname srvproxy228

dns_testnames google.com internic.net nlanr.net ibm.com

--------------------------------------------------------------------------------------------------

Thanks,

Dean Durant

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Received on Thu May 08 2008 - 19:03:19 MDT

This archive was generated by hypermail 2.2.0 : Tue May 13 2008 - 12:00:03 MDT