[squid-users] Strange Interaction between Squid and Facebook

Patrick Blair - Peapod patrick.blair at ahold.com
Thu Oct 29 23:17:08 UTC 2015


Hi Eliezer,

First, THANK YOU for packaging squid for CentOS 7! I actually reused your
SRPM for my squid 3.5.x builds, just changed a few options :)

About the issue itself.
> Couple questions?
> Are you running\using ssl-bump or not?

No, not at all, it should just be set to "none"


> When a client request is being aborted what do you see in the squid
> access.log?

All I've been seeing is CONNECT messages for the facebook URIs,
nothing in the logs that indicates a failure

 From what I know facebook works in HTTPS and an abort can be mainly
> because of a network issue or application level issue.
> Since I am working with squid 3.5.10 and I do not have this issue with
> ssl-bump ON or OFF it is unclear what is causing the issue.

It is very unclear, our network team is trying to determine if a
network issue may be in play, but we believe that is unlikely...

I couldn't understand how you ran the tests.
> I do understand that you have two proxies and one is peering to the
> other, right?

Apologies if that wasn't clear, I'll try to give a better explanation:

   - There is always one proxy in this situation.
   - The difference is that we run the proxy out of our secondary
   datacenter and route all user internet traffic through that location so it
   doesn't cause any issues with the traffic to our website flowing in and out
   of our primary datacenter.
   - A test instance I used to recreate the squid instance that is having
   the issues with, works as expected in our primary datacenter, however, the
   older version of squid we were using is located in the secondary datacenter
   and also works as expected, only the newer version doesn't work.


Thanks for your help!

Pat Blair
Sr. Unix Administrator
Peapod, LLC
pblair at peapod.com

-- 
This email and any attachments may contain information that is proprietary,
confidential and/or privileged and for the sole use of the intended 
recipients(s)
only.
If you are not the intended recipient, please notify the sender by return
email and delete all copies of this email and any attachments. Ahold and/or 
its
subsidiaries shall neither be liable for the inaccurate or incomplete 
transmission
of the information contained in this email or any attachments, nor for any 
delay
in its receipt. To the extent this email is intended to create any legal 
obligation,
the obligation shall bind only the contracting entity and not any other 
entity within
the Ahold Group.

-- 
This email and any attachments may contain information that is proprietary,
confidential and/or privileged and for the sole use of the intended 
recipients(s)
only.
If you are not the intended recipient, please notify the sender by return
email and delete all copies of this email and any attachments. Ahold and/or 
its
subsidiaries shall neither be liable for the inaccurate or incomplete 
transmission
of the information contained in this email or any attachments, nor for any 
delay
in its receipt. To the extent this email is intended to create any legal 
obligation,
the obligation shall bind only the contracting entity and not any other 
entity within
the Ahold Group.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151029/df7086dd/attachment.html>


More information about the squid-users mailing list