[squid-users] Webpages won't load or load slowly

Amos Jeffries squid3 at treenet.co.nz
Tue Feb 3 13:54:00 UTC 2015


On 4/02/2015 2:01 a.m., Rich549 wrote:
> Eliezer Croitoru-2 wrote
>> Hey Rich,
>>
>> I am yet unsure about the issue you are having and even if squid 3.3.8 
>> is not the latest most of these sites should work fine for you throw
>> squid.
>> I believe that this is the place where we can take a look at the squid 
>> access.log output while surfing to understand the issue better.
>> If you are using IE\FF\Chrome you should have some profiling and network 
>> tools which can help understand the issue from the client side before 
>> running and looking for an issue in the middle.
>>
>> In IE and FF you can use the F12 button to open the tools toolbox and 
>> then go into network tab or icon.
>> You should then be able throw this tool see what happens with all the 
>> requests from the client side.
> 
> Hi,
> 
> Thanks for the suggestion, I've attached a couple of files showing the
> results of that.  I actually see a lot of DENIED errors for pretty much any
> websites using port 443 (SSL). 
> 
> twitter.png
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4669496/twitter.png>  
> Twitter_accesslog.txt
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4669496/Twitter_accesslog.txt>  
> 
> 

Looks like perfectly normal NTLM meets HTTPS traffic behaviour to me.


Browser connects to proxy, proxy replies with 407 listing available auth
schemes.

1422968109.560      0 172.31.21.3 TCP_DENIED/407 3722 CONNECT
abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.560      0 172.31.21.3 TCP_DENIED/407 3722 CONNECT
abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.561      0 172.31.21.3 TCP_DENIED/407 3722 CONNECT
abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.570      0 172.31.21.3 TCP_DENIED/407 4106 CONNECT
abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.570      0 172.31.21.3 TCP_DENIED/407 4106 CONNECT
abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.579      0 172.31.21.3 TCP_DENIED/407 4106 CONNECT
abs.twimg.com:443 - HIER_NONE/- text/html

... taking less than 1ms in Squid.


Browser re-tries request with stage-1 NTLM auth credentials selecting,
proxy responds with NTLM stage-2 challenge.

1422968109.661      0 172.31.21.3 TCP_DENIED/407 3722 CONNECT
abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.667      0 172.31.21.3 TCP_DENIED/407 4106 CONNECT
abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.679      0 172.31.21.3 TCP_DENIED/407 3722 CONNECT
abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.694      0 172.31.21.3 TCP_DENIED/407 3722 CONNECT
abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.701      0 172.31.21.3 TCP_DENIED/407 4106 CONNECT
abs.twimg.com:443 - HIER_NONE/- text/html
1422968109.706      0 172.31.21.3 TCP_DENIED/407 4106 CONNECT
abs.twimg.com:443 - HIER_NONE/- text/html

... taking less than 1ms in Squid.

Browser re-tries request with NTLM stage-3 auth credentials.

Proxy accepts connection, opens TCP tunnel to upstream server, starts
relaying bytes between client and server...

 NP: there is no timing info on that logged.


40sec later the server closes the connection (having delivered 0
bytes!). Proxy logs completion of the HTTPS stream.

1422968149.730  40156 172.31.21.3 TCP_MISS/200 0 CONNECT
abs.twimg.com:443 aspleyri HIER_DIRECT/199.96.57.7 -
1422968149.731  40157 172.31.21.3 TCP_MISS/200 0 CONNECT
abs.twimg.com:443 aspleyri HIER_DIRECT/199.96.57.7 -
1422968149.731  40149 172.31.21.3 TCP_MISS/200 0 CONNECT
abs.twimg.com:443 aspleyri HIER_DIRECT/199.96.57.7 -
1422968149.731  40056 172.31.21.3 TCP_MISS/200 0 CONNECT
abs.twimg.com:443 aspleyri HIER_DIRECT/199.96.57.7 -
1422968149.731  40022 172.31.21.3 TCP_MISS/200 0 CONNECT
abs.twimg.com:443 aspleyri HIER_DIRECT/199.96.57.7 -
1422968149.731  40026 172.31.21.3 TCP_MISS/200 0 CONNECT
abs.twimg.com:443 aspleyri HIER_DIRECT/199.96.57.7 -


3.3 may have been introducing a bug, but 3.5 has the fix for that. So
there is nothing wrong here with Squid. The problem is somewhere in the
browser and server interactions.

Amos




More information about the squid-users mailing list