Gonzalo PG wrote:
> Hello,
>
> I'm running Squid Cache: Version 3.0.STABLE13 with ntlm auth, using
> samba-3.2.10 and winbind, also SquidGuard 1.4
>
> We are going to improve our structure with "load balancing" + "hight
> availability" with two servers running squid and a proxy.pac file (I
> would preffer to do this with LVS + Heartbeat, but at the moment the
> accepted solution is this). In this proxy.pac one subnet will go
> trought proxy1 and the other trought proxy2, but when one of the
> proxies go down the file will redirect to the other.
>
> I´ve read about an Internet Explorer issue with this configuration:
> In the PAC file, it is perfectly valid to return back multiple proxy
> servers in the return. The browser will first try to use the first
> proxy and, should it timeout or appear to fail, retry the query on the
> second and then third and so on. Again, this sounds relatively
> harmless but Internet Explorer interprets "timeout" very loosely.
> Experience has shown that if a user tries to access a WEB PAGE that
> doesn’t respond back in a timely manner IE will decide that it is the
> result of a proxy timeout and start sending requests to the secondary
> proxy. Needless to say, if your proxies are geographically dispersed
> this can start to spray traffic all across the WAN. This could be
> potentially mitigated by doing very careful tuning with proxy and
> Internet Explorer timeouts.
>
> I would like to know if is any parameter in the squid conf to prevent
> this to occur, or any way to make I.E. understand that the timeout
> comes from the url and not from the proxy
>
Well, you can just make sure your Squid is set up with less patience
than your browser...
http://www.squid-cache.org/Doc/config/connect_timeout/
http://www.squid-cache.org/Doc/config/dns_timeout/
http://www.squid-cache.org/Doc/config/pconn_timeout/
http://www.squid-cache.org/Doc/config/persistent_request_timeout/
http://www.squid-cache.org/Doc/config/read_timeout/
http://www.squid-cache.org/Doc/config/request_timeout/
> Thanks a lot
>
> Gontzal
>
Chris
Received on Wed May 27 2009 - 19:31:38 MDT
This archive was generated by hypermail 2.2.0 : Thu May 28 2009 - 12:00:01 MDT