Hello, I have a squid that was working great with virtually all traffic.
Then a few days ago people began reporting issues with sites that used
https.
If it was a large amount of data to be transferred, like attaching a large
document to a webmail, it would just hang.
Other https sites that used java, or aspx, or things like that would
frequently hang too.
I'm at my wits end trying to figure out what went wrong. I didn't change
anything. If anyone has any ideas how I can troubleshoot this I would be
so grateful.
here is my squid.conf
---------------------------------------------------------------------------------------------------------------------
http_port 3128
http_port 80
https_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 168 MB
cache_dir ufs /usr/local/squid/cache 400 16 256
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
pid_filename /usr/local/squid/logs/squid.pid
debug_options 4,10 26,3
ftp_sanitycheck off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl fulda dst 130.0.0.0/255.0.0.0
acl origNet src 192.9.70.0/255.255.255.0
acl abyzNetU src 130.16.64.0/255.255.192.0
acl abyzNetW src 130.16.128.0/255.255.192.0
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl scanner dst 192.9.70.243
acl autoweb dst 67.109.76.29
acl SSL_ports port 443 563
acl Safe_ports port 1025-4000
acl CONNECT method CONNECT
acl awubi src 130.16.128.193
http_access allow awubi
acl hp dstdomain .hp.com
always_direct allow hp
acl gms dstdomain .gmsupplypower.com
always_direct allow gms
acl tpm dstdomain .tripmanager.com
always_direct allow tpm
acl avgate dstdomain .avgate.net
always_direct allow avgate
acl gm dstdomain .gm.com
always_direct allow gm
acl aweb dstdomain .autoweb.net
always_direct allow aweb
acl pgc dstdomain .puregreencars.com
always_direct allow pgc
acl vpn dstdomain .customer1.com
always_direct allow vpn
acl dcx dstdomain .customer1.com
always_direct allow dcx
acl ead dstdomain .abyzaerodef.com
always_direct allow ead
acl scott dstdomain .scottrade.com
always_direct allow scott
acl interstate dstdomain .interstatetraveler.us
always_direct allow interstate
acl volker1 dstdomain .cvent.com
always_direct allow volker1
acl sapallow dst 130.10.198.10/32
acl gmutils dst 130.170.126.202/32
acl gmutils2 dstdomain a.b.c.com
acl gmutils3 dstdomain .gm.com
acl gmutils4 dst 130.170.0.0/16
acl gmutils5 port 443
acl aribert dstdomain .dayrunner.com
acl mariusz src 130.16.128.127
acl ebay dstdomain .ebay.com
acl sols dst 198.63.61.35
acl sols2 dstdomain www2.abyz-us.com
acl sols3 dstdomain .abyz-us.com
acl chry4 dstdomain vpnpasswd.tcc.customer1.com
acl chry5 dstdomain roadmap.tcc.cser.com
acl chry6 dstdomain .customer1.com
acl chry7 dstdomain intra-wiw.e.customer1.com
acl chry8 dstdomain web3270.appl.customer1.com
acl chryextra dstdomain web3270.extra.customer1.com
acl chry9 dstdomain anywhere.customer1.com
acl hotel5 dst 15.173.128.247/32
acl hotel6 dst 155.72.128.147/32
acl brasil1 dst 200.245.73.181
acl abyz_forbidden url_regex
"/usr/local/squid/etc/abyzforbidden/abyz_blocked.txt"
acl abyz_forbidden_always url_regex
"/usr/local/squid/etc/abyzforbidden/abyz_deny.always"
acl abyz_forbidden_lunch url_regex
"/usr/local/squid/etc/abyzforbidden/abyz_deny.lunch"
http_access allow volker1
http_access allow scanner
http_access allow autoweb
http_access allow sapallow
http_access allow gmutils
http_access allow gmutils2
http_access allow gmutils4
http_access allow gmutils5
http_access allow ebay
http_access allow mariusz
http_access deny abyz_forbidden
http_access allow sols
http_access allow sols2
http_access allow sols3
http_access allow chry4
http_access allow chry5
http_access allow chry6
http_access allow chry7
http_access allow chry8
http_access allow chry9
http_access allow hotel5
http_access allow hotel6
http_access allow brasil1
http_access allow aribert
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow fulda
http_access allow origNet
http_access allow abyzNetW
http_access allow abyzNetU
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr help@abyz-us.com
cache_effective_user squid
cache_effective_group squid
visible_hostname srvproxy228
dns_testnames google.com internic.net nlanr.net ibm.com
--------------------------------------------------------------------------------------------------
Thanks,
Dean Durant
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.Received on Thu May 08 2008 - 19:03:19 MDT
This archive was generated by hypermail 2.2.0 : Tue May 13 2008 - 12:00:03 MDT