[squid-users] Weird problem with .aspx page

From: marius buz <buzmarius_at_yahoo.com>
Date: Wed, 29 May 2013 01:32:02 -0700 (PDT)

Hello. At work I "inherited" a Linux box router, Fedora Core 6, firewall with iptables 1.3.8 and squid 2.6.STABLE13. I decided it's time to move on and installed a new box, with Fedora Core 18, firewall with iptables 1.4.16.2 and squid 3.2.9. Didn't had any complaints until yesterday when accounting dept. told me one site it's not loading anymore: http://www.bnro.ro which redirects to http://www.bnro.ro/Home.aspx It's the site of our national bank and contains relevant data for them. Any other sites with .aspx are loading just fine. I was puzzled so I decided to shutdown squid and stop redirecting packets to it. Surprise, the site began to load. My problem is: why the old server with squid didn't had any issue with this .aspx page and the new one has ? I'm pasting below the squid.conf files from the old and the new server, maybe (for sure) I missed some settings. OLD server (XXX instead sensitive data) http_port 10.0.0.1:8081 transparent logformat acclog %tl %>a %Ss/%Sh/%03Hs %rm %ru %<A cache_mgr XXX cache_dir ufs /var/cache/squid 256 16 128 logfile_rotate 2 cache_access_log /var/log/squid/cache_acces_log acclog cache_store_log none cache_mem 64 MB emulate_httpd_log on cache_vary off maximum_object_size 10 MB maximum_object_size_in_memory 32 KB max_filedesc 4096 log_icp_queries off forwarded_for off visible_hostname XXX debug_options ALL,1 28,2 82,2 acl all src 10.0.0.0/24 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80          # http acl Safe_ports port 443 563     # https, snews acl Safe_ports port 70          # gopher acl Safe_ports port 210         # wais acl Safe_ports port 1025-65535  # unregistered ports acl purge method PURGE acl CONNECT method CONNECT acl denied_domains dstdomain -i "/etc/squid/denied_domains.acl" acl denied src "/etc/squid/denied_range.acl" # Allow localhost to manage the cache http_access allow manager localhost http_access deny manager # Allow localhots to purge the cache http_access allow purge localhost http_access deny purge # Deny all ports except those mentioned as safe-ports http_access deny !Safe_ports http_access deny CONNECT !SSL_ports # Allow access to use Squid from localhost http_access allow localhost # Custom rules http_access deny denied denied_domains NEW server (XXX instead sensitive data) http_port 10.0.0.1:8081 intercept logformat acclog %tl %>a %Ss/%Sh/%03>Hs %rm %ru %<A cache_mgr XXX cache_effective_user squid cache_effective_group squid cache_dir ufs /var/cache/squid 256 16 128 logfile_rotate 2 cache_access_log stdio:/var/log/squid/cache_acces_log acclog cache_store_log none cache_mem 64 MB negative_ttl 1 minute maximum_object_size 10 MB maximum_object_size_in_memory 100 KB max_filedescriptors 0 log_icp_queries off forwarded_for off visible_hostname XXX debug_options ALL,1 28,2 80,2 82,2 httpd_suppress_version_string on client_persistent_connections on server_persistent_connections on acl SSL_ports port 443 563 acl Safe_ports port 80          # http acl Safe_ports port 443 563     # https, snews acl Safe_ports port 70          # gopher acl Safe_ports port 210         # wais acl Safe_ports port 1025-65535  # unregistered ports acl purge method PURGE acl CONNECT method CONNECT acl denied_domains dstdomain -i "/etc/squid/denied_domains.acl" acl denied src "/etc/squid/denied_range.acl" acl url_ads url_regex -i "/etc/squid/denied_ads.acl" acl spam dst "/etc/squid/spam.acl" acl domain_ads dstdom_regex -i "/etc/squid/ads.acl" acl NoProxy urlpath_regex -i cgi-bin/nph-.*/ nph-proxy\.cgi cgiproxy acl NoProxyIP dst "/etc/squid/proxies.acl" acl seara time MTWHFAS 19:00-23:59 acl noaptea time MTWHFAS 00:00-07:00 ***#refresh_pattern -i \.(asp|aspx)(\?.*)?$ 0 20% 6000 override-expire override-lastmod ignore-private ignore-reload ***refresh_pattern .aspx 0 0% 0 ***refresh_pattern .asp 0 0% 0 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # Allow localhost to manage the cache http_access allow localhost manager http_access deny manager # Allow localhots to purge the cache http_access allow purge localhost http_access deny purge # Deny all ports except those mentioned as safe-ports http_access deny !Safe_ports http_access deny CONNECT !SSL_ports # Allow access to use Squid from localhost http_access allow localhost # Custom rules http_reply_access deny denied denied_domains http_access deny denied denied_domains http_access deny url_ads http_access deny domain_ads http_access deny spam http_access deny CONNECT denied_domains denied http_access deny denied NoProxy seara http_access deny denied NoProxyIP seara http_access deny denied NoProxy noaptea http_access deny denied NoProxyIP noaptea As you can see, the acls are pretty much the same, my guess the problem is with refresh_pattern. I have tried different approaches, see lines with ***. All other pages with .aspx are loading, http://www.bnro.ro/Home.aspx doesn't load. Advices from here http://www.squid-cache.org/mail-archive/squid-users/201001/0398.html still don't fix the problem. Could be because of this: http://support.microsoft.com/?scid=kb%3Ben-us%3B841998&x=14&y=9 but all browsers do the same, not only IE. Workaround ? 1. Do not call the Response.Flush method in the code. It's not up to me. 2. Do not go through a server that is running SQUID Proxy Server software. Maybe bypass squid for this site ? I'm waiting your advices. Buz Marius
Received on Wed May 29 2013 - 08:32:10 MDT

This archive was generated by hypermail 2.2.0 : Wed May 29 2013 - 12:00:07 MDT