Re: [squid-users] Fwd: Webapp problems with squid 2.7.STABLE3

From: Chris Nighswonger <cnighswonger_at_foundations.edu>
Date: Sat, 10 Jan 2009 11:01:03 -0500

On Fri, Jan 9, 2009 at 9:22 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> BTW, we started back up for the spring semester yesterday. I did my
>> upgrade over the break. Now I am having multiple sites (many are ssl)
>> unaccessible which were accessible under 2.6.STABLE12. Did I miss some
>> major changes between 2.6 and 2.7? I'm considering rolling back to 2.6
>> to quell the rebellion... :-(
>
> We can't really tell what or if you missed anything without config details
> :).
> Whats the current config and the diff between the old and new squid.conf?

Attached is the current config. The config on the upgrade was a simple
cp of the previous config file. The only thing different now is the
addition of "ignore_expect_100 on" at the end per the suggestion
earlier in this thread. (Which did allow the webapp to work
correctly.)

Regarding ssl sites
(https://pob-w.fidelitybanknc.com/servlet/cefs/online/login-tfb.html
is one example that hangs and times out via squid): Several tcpdumps
seem to indicate that the client sends a connect frame to squid, squid
acknowledges but never passes any traffic on to the internet site.
Generally clients are authenticated via ntlm helper, but I have some
clients that are authenticated based on ip. These clients (ipauthex)
do not have this problem: they connect to these sites fine. This would
seem to indicate an config issue, but what?

I have also attached a pcap file for traffic between an ntlm auth
client and squid. There is no pcap for the same squid to fidelity
connection as there is never any traffic there.

Thanks for the help on this one. If anyone sees any other
optimizations I should have in my squid.conf, feel free to point them
out.

Note: fidelity.txt is really a pcap file.

Kind Regards,
Chris

--
Christopher Nighswonger
Faculty Member
Network & Systems Director
Foundations Bible College & Seminary
www.foundations.edu
www.fbcradio.org


Received on Sat Jan 10 2009 - 16:01:09 MST

This archive was generated by hypermail 2.2.0 : Mon Jan 12 2009 - 12:00:02 MST