[squid-users] Strange Interaction between Squid and Facebook

Patrick Blair - Peapod patrick.blair at ahold.com
Thu Oct 29 21:19:10 UTC 2015


Amos,

Thanks for the reply, I apologize if this doesn't come through correctly as
gmail doesn't seem to be parsing the list emails properly.

Are these https:// traffic arriving to the proxy in the form of CONNECT
> requests?
> Or regular http:// URLs arriving as GET method?
> Is a POST or PUT method request involved with the fetch or just prior?
> Is there an unusual port being used?
> Or an OPTIONS request happening for some reason?


It looks like the vast majority of the requests are arriving as CONNECT
requests, looking like the traffic is already https, I don't see any POST,
PUT or OPTIONS appearing in the logs.

I'm also a bit suspicious in these situations that it might have
> something to do with the network IP-range the clients are on vs the
> uplink being used.
> Is it breaking only when Squid is in the "other" datacenter from the
> client(s) ?
> Is one datacenter IPv6-enabled but not the other ?

We haven't tried a large scale test of the proxy from the working
datacenter, that is an option. The outbound IP will be different from
each datacenter, but I can drive out to the other location and see if
that makes a difference accessing it from the other direction. Neither
datacenter has IPv6 turned on.

You could possibly set "debug_options ALL,0 17,4" to track the Squid
> outbound message forwarding and see what appears to be going on when it
> is connecting out for that domain.

I'll check that option out as well and see if I get any more usable information.


Thanks for the response!

Pat Blair
Sr. Unix Administrator
Peapod, LLC
pblair at peapod.com

-- 
This email and any attachments may contain information that is proprietary,
confidential and/or privileged and for the sole use of the intended 
recipients(s)
only.
If you are not the intended recipient, please notify the sender by return
email and delete all copies of this email and any attachments. Ahold and/or 
its
subsidiaries shall neither be liable for the inaccurate or incomplete 
transmission
of the information contained in this email or any attachments, nor for any 
delay
in its receipt. To the extent this email is intended to create any legal 
obligation,
the obligation shall bind only the contracting entity and not any other 
entity within
the Ahold Group.

-- 
This email and any attachments may contain information that is proprietary,
confidential and/or privileged and for the sole use of the intended 
recipients(s)
only.
If you are not the intended recipient, please notify the sender by return
email and delete all copies of this email and any attachments. Ahold and/or 
its
subsidiaries shall neither be liable for the inaccurate or incomplete 
transmission
of the information contained in this email or any attachments, nor for any 
delay
in its receipt. To the extent this email is intended to create any legal 
obligation,
the obligation shall bind only the contracting entity and not any other 
entity within
the Ahold Group.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151029/57869d93/attachment.html>


More information about the squid-users mailing list