[squid-users] Strange Facebook Problems

From: Jason <jason_at_azii.net>
Date: Wed, 19 Aug 2009 20:58:19 -0700

Everyone,

I am running squid 3.1.0.6, transparent/intercepting (non tproxy, non
wpad, etc), nat'ted network, and users are reporting problems using the
uploaders at the facebook website. When I explored this, here is what I
found:

Facebook has two upload methods, a newer java based one, and an older
html forms (i think) based one.

1. Both uploaders work perfectly when I bypass squid.

2. With internet explorer, the old uploader works fine

3. With Internet Explorer, the new uploader fails at first. If you
immediately hit the "Upload" button after the failure, it works.

4. With Firefox, the old uploader gives this error from squid:
ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL:
http://upload.facebook.com
/photos_upload.php
Connection to upload.facebook.com failed.
The system returned: (110) Connection timed out
The remote host or network may be down. Please try the request again.
Your cache administrator is yours truly.

5. With Firefox, the new uploader fails at first. If you immediately
hit the "Upload" button after a failure, it works (just like the IE case).

On the proxy machine:
tcp_window_scaling is off
tcp_ecn is off
.facebook.com is in the "always direct" list I maintain.

Any help in solving this would be great!

Jason

Below is my Config:
qos_flows local-hit=0x30
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 80 # http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
acl our_networks src 10.0.0.0/16
http_access allow our_networks
http_access allow localhost
acl directlist dstdomain "/etc/squid/directsites"
always_direct allow directlist
http_access deny all
http_reply_access allow our_networks
http_reply_access allow localhost
http_reply_access deny all
icp_access deny all
htcp_access deny all
htcp_clr_access deny all
miss_access allow our_networks
miss_access allow localhost
miss_access deny all
http_port 10.0.0.1:3594 transparent disable-pmtu-discovery=transparent
http_port 127.0.0.1:3594 transparent disable-pmtu-discovery=transparent
cache_mem 128 MB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /squida 21760 16 256
cache_dir aufs /squidb 21760 16 256
cache_dir aufs /squidc 21760 16 256
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 10 MB
cache_swap_low 95
cache_swap_high 97
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
mime_table /etc/squid/mime.conf
pid_filename /var/run/squid.pid
log_fqdn off
strip_query_terms off
unlinkd_program /usr/lib/squid/unlinkd
url_rewrite_program /usr/bin/squidGuard
url_rewrite_children 32
url_rewrite_concurrency 0
url_rewrite_host_header on
url_rewrite_bypass off
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
quick_abort_min 50 KB
quick_abort_max 50 KB
quick_abort_pct 50
read_ahead_gap 16 KB
negative_ttl 0 minutes
positive_dns_ttl 5 minutes
negative_dns_ttl 10 seconds
range_offset_limit 0 KB
request_header_max_size 128 KB
reply_header_max_size 128 KB
ie_refresh on
request_entities on
forward_timeout 1 minutes
connect_timeout 20 seconds
shutdown_lifetime 3 seconds default
cache_mgr support_at_azii.net
cache_effective_user proxy
cache_effective_group proxy
visible_hostname integrityinternet.net
snmp_port 45656
snmp_access allow our_networks
snmp_access allow localhost
snmp_access deny all
snmp_incoming_address 10.0.0.1
icon_directory /usr/share/squid/icons
dns_nameservers 127.0.0.1
ipcache_size 5120
ipcache_low 95
ipcache_high 97
fqdncache_size 5120
memory_pools_limit 512 MB
client_db off
uri_whitespace strip
coredump_dir /squida
pipeline_prefetch off
client_persistent_connections off
server_persistent_connections off
Received on Thu Aug 20 2009 - 03:57:46 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 20 2009 - 12:00:04 MDT