two things:
post a more detailed squid.conf to see if there is something wrong there.
i am using squid3.1.19 and 3.2.16-17 and it works like for many others.
this problem can be an issue about routing and not related to squid at all.
a 504 code is:
10.5.5 504 Gateway Timeout
The server, while acting as a gateway or proxy, did not receive a timely
response from the upstream server specified by the URI (e.g. HTTP, FTP,
LDAP) or some other auxiliary server (e.g. DNS) it needed to access in
attempting to complete the request.
Note: Note to implementors: some deployed proxies are known to
return 400 or 500 when DNS lookups time out.
is there any enforcement on the usage of the cache_peer on the ip leve?
ie. without the cache_peer proxy can you get sites fine?
Eliezer
On 7/11/2012 12:42 PM, Crawford, Ben wrote:
> Hi All,
>
> I have run into a problem with not being able to access a few specific
> things on the web when running through our local proxy.
>
> Some details:
> * The current setup is a Linux box running squid 3.1.19.
> * This is being run behind a pfsense box that is load balancing our
> two internet connections
> * Both internet connections are behind the same proxy (we are actually
> on a private network), which is set as the parent for our internal
> proxy
> * Squid is running in intercept mode
>
> With this setup, most things work as expected; I can visit web pages,
> watch youtube videos, upload attachments to gmail. However, some
> things are not working. The easiest example is speedtest.net. I can
> run the download test, but the upload test always fails. Trying to
> watch content on tvnz.co.nz (on demand content) does not work either.
>
> When running traffic without our internal proxy (ie direct to the
> parent) everything works fine. I'm stuck and can't find any
> solutions.
>
> Here is what I have tried so far:
> * First, I was hoping to run squid on the pfsense box, but ran into
> similar problems, so I tried to isolate the problem by putting in the
> Linux box. (never a bad idea to be running more recent version of
> squid either, it may be needed shortly for some of the newer features
> anyway)
> * Instead of running my full squid.conf, I am using the default
> squid.conf with just the extra line to access the parent (cache_peer
> 10.55.240.250 parent 3128 3130 no-query default login=PASS)
> * I've read bits and pieces about similar problems dealing with sysctl
> and some ipv4 settings. None of this seemed to apply, and what I did
> try didn't work.
> * Checking on the specific web pages in firefox using firebug and I
> can see some 504 errors (seemingly only on POST) - this lead me to
> check the logs for POST with 504 errors (see logs below)
> * Checked the problem in IE, Chrome and Firefox
> * Lots of googleing and reading of squid documentation
>
> Here is what is showing in the squid logs where there is a 504 with a
> POST, you'll notice that most are for the local speedtest.net testing.
> I figured not much point finding lots of sites when just a few are
> causing problems.
>
> 1342030821.058 59542 10.161.128.34 TCP_MISS/504 4301 POST
> http://speedtest.worldnet.co.nz/speedtest.net/speedtest/upload.php? -
> DIRECT/202.169.192.58 text/html
> 1342030821.058 59536 10.161.128.34 TCP_MISS/504 4300 POST
> http://speedtest.worldnet.co.nz/speedtest.net/speedtest/upload.php? -
> DIRECT/202.169.192.58 text/html
> 1342039010.134 60806 10.161.128.34 TCP_MISS/504 4285 POST
> http://rt1403.infolinks.com/action/doq.htm? - DIRECT/64.71.153.213
> text/html
> 1342039947.624 59642 10.161.128.34 TCP_MISS/504 4834 POST
> http://c.brightcove.com/services/messagebroker/amf? -
> DIRECT/8.19.200.152 text/html
> 1342040562.565 61340 10.161.128.34 TCP_MISS/504 4469 POST
> http://2975c.v.fwmrm.net/ad/p/1? - DIRECT/75.98.70.31 text/html
> 1342040573.047 59531 10.161.128.34 TCP_MISS/504 4834 POST
> http://c.brightcove.com/services/messagebroker/amf? -
> DIRECT/8.19.200.152 text/html
> 1342040679.001 59688 10.161.128.34 TCP_MISS/504 4838 POST
> http://c.brightcove.com/services/messagebroker/amf? -
> DIRECT/64.152.208.202 text/html
> 1342040700.694 59871 10.161.128.34 TCP_MISS/504 4469 POST
> http://2975c.v.fwmrm.net/ad/p/1? - DIRECT/75.98.70.31 text/html
> 1342040742.908 60168 10.161.128.34 TCP_MISS/504 4295 POST
> http://speedtest.orcon.net.nz/speedtest/upload.php? -
> DIRECT/219.88.241.70 text/html
> 1342040742.908 60162 10.161.128.34 TCP_MISS/504 4296 POST
> http://speedtest.orcon.net.nz/speedtest/upload.php? -
> DIRECT/219.88.241.70 text/html
> 1342042640.381 60407 10.161.128.34 TCP_MISS/504 4295 POST
> http://speedtest.orcon.net.nz/speedtest/upload.php? -
> DIRECT/219.88.241.70 text/html
> 1342042640.381 60026 10.161.128.34 TCP_MISS/504 4297 POST
> http://speedtest.orcon.net.nz/speedtest/upload.php? -
> DIRECT/219.88.241.70 text/html
> 1342042921.326 60879 10.161.128.34 TCP_MISS/504 4831 POST
> http://c.brightcove.com/services/messagebroker/amf? -
> DIRECT/64.152.208.202 text/html
>
>
> Any suggestions about getting the rest of the web up running through
> our local squid would be most appreciated.
>
> Cheers,
> Ben
>
-- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.ilReceived on Wed Jul 11 2012 - 16:25:18 MDT
This archive was generated by hypermail 2.2.0 : Thu Jul 12 2012 - 12:00:02 MDT