[squid-users] Streaming Radio blocked

Amos Jeffries squid3 at treenet.co.nz
Sun Sep 27 23:33:32 UTC 2015 

On 28/09/2015 9:12 a.m., Yuri Voinov wrote:
> 
> It not seems blocked.
> 
> Blocked URL has TCP_DENIED tag.
> 

Unless the media portion is not even using HTTP. The problem would then
be somewhere else outside Squid.


> 28.09.15 1:54, Henry McLaughlin пишет:
>>>
>>> On 27 September 2015 at 17:07, Henry McLaughlin wrote:
>>>
>>>> I am having problems using a radio streaming application on my
> phone. The
>>>> phone connection is routed via squid proxy server. If I by pass
> squid then
>>>> the radio application works. The application is TuneIn radio
> (tunein.com).
>>>> I have read a number of posts regarding blocking streaming services
> however
>>>> have not found how to unblock one as I suspect the service is blocked by
>>>> default.
>>>>
>>>> The following appears in the access log:
>>>> 1443337149.538   3239 192.168.1.102 TCP_MISS/200 653 GET
>>>> http://ads.tunein.com/creatives? - HIER_DIRECT/176.34.44.113
>>>> application/json
>>>> 1443337151.830   1968 192.168.1.102 TCP_MISS/200 6367 GET
>>>> http://ads.mopub.com/m/ad? - HIER_DIRECT/192.44.68.3 text/html
>>>> 1443337152.292   3661 192.168.1.102 TCP_MISS/200 478 GET
>>>> http://opml.radiotime.com/Report.ashx? - HIER_DIRECT/204.69.221.89
>>>> text/xml
>>>> 1443337152.355   4029 192.168.1.102 TCP_MISS_ABORTED/200 3250 GET
>>>> http://67.212.174.228:10001/ - HIER_DIRECT/67.212.174.228 audio/mpeg


The only problem in this log seems to be the request above. Which is
apparently successfully getting put through to the required server, but
the client aborts it after 4 seconds with only a tiny/3KB amount of
response getting back.

When I try it myself I get an ICY stream back. Squid does support those.
At least 3.1 and later do, if you are using an older Squid you *really*
need to upgrade.



There is a chance that your ISP or some device upstream is blocking the
traffic. Since its aparently getting the response, but not much I
suspect MTU issues somewhere. The HTTP reply headers would get through
as small packets, but the media itself may need large ones that get dropped.


There is a huge amount of advertising being thrown at the client. It
might be spending all its time processing that and not get around to the
actual content you want. Try adding this to squid.conf to eliminate that
and see if things work better:

 acl ads dstdomain ads-bidder-api.twitter.com \
      .google-analytics.com ads.tunein.com ads.mopub.com
 http_access deny ads


The site also has a bunch of HTTP violations:

 * Pragma: no-cache is a request directive, not a response directive.
 * A ranged request returned another representation.
 * The X-XSS-Protection header's syntax isn't valid.
 * Response is negotiated, but doesn't have an appropriate Vary header.
 * The resource doesn't send Vary consistently.

While these are only from the web pages and images of the site they are
bad signs about the developers abilities.

Amos

More information about the squid-users mailing list