[squid-users] Pages sometimes load as a mess of random (?) symbols
Grey
wehategrey at gmail.com
Thu Oct 5 06:42:26 UTC 2017
Sorry for not including enough informatio nin the first place.
1. Here's my config, keep in mind it's a test server that will eventually
replace the one (not updated) we're using right now so the configuration is
kinda bare-bones:
### TESTSQUID1 ###
http_port 3128
dns_v4_first on
pinger_enable off
netdb_filename none
error_default_language it
cache_mgr helpdesk at test.it
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -r -d
auth_param negotiate children 150
auth_param negotiate keep_alive on
external_acl_type ProxyUser children-max=75 %LOGIN
/usr/lib/squid/ext_kerberos_ldap_group_acl -g INTERNET at TEST.LOCAL -D
TEST.LOCAL -S testldap
acl ProxyUser external ProxyUser
acl AUTH proxy_auth REQUIRED
http_access deny !AUTH all
http_access deny !Safe_ports all
http_access deny CONNECT !SSL_ports all
http_access allow localhost manager
http_access deny manager all
http_access allow localhost all
acl destsquid dstdomain .testquid1 .testsquid2
http_access allow destsquid all
http_access allow ProxyUser all
http_access deny all
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_req reqmod_precache bypass=1
icap://testicap:1344/REQ-Service
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=0
icap://testicap:1344/resp
adaptation_access service_resp allow all
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
2. This is the access log when first loading the page:
1507185342.611 0 99.99.99.99 TCP_DENIED/407 5179 GET
http://www.tomshardware.com/ - HIER_NONE/- text/html
1507185344.121 1473 99.99.99.99 TCP_MISS/200 48225 GET
http://www.tomshardware.com/ testuser HIER_DIRECT/23.40.112.227 text/html
And this is the one after reloading:
1507185356.932 187 99.99.99.99 TCP_MISS/200 47858 GET
http://www.tomshardware.com/ testuser HIER_DIRECT/23.40.112.227 text/html
1507185357.425 0 99.99.99.99 TCP_DENIED/407 4440 GET
http://platform.twitter.com/widgets.js - HIER_NONE/- text/html
1507185357.482 13 99.99.99.99 TCP_MISS/200 2019 GET
http://www.tomshardware.com/medias/favicon/favicon-32x32.png? testuser
HIER_DIRECT/23.40.112.227 image/png
1507185357.548 61 99.99.99.99 TCP_REFRESH_UNMODIFIED/304 516 GET
http://platform.twitter.com/widgets.js testuser HIER_DIRECT/199.96.57.6 -
1507185357.565 0 99.99.99.99 TCP_DENIED/407 4178 CONNECT
www.tomshardware.com:443 - HIER_NONE/- text/html
1507185357.924 0 99.99.99.99 TCP_DENIED/407 4190 CONNECT
syndication.twitter.com:443 - HIER_NONE/- text/html
3. The result of the test at redbot
(https://redbot.org/?uri=http%3A%2F%2Fwww.tomshardware.com%2F if you want to
check it yourself) is:
General
The Pragma header is deprecated.
The Content-Length header is correct.
Content Negotiation (Content Negotiation response )
The resource doesn't send Vary consistently.
The response body is different when content negotiation happens.
Content negotiation for gzip compression is supported, saving 86%.
Caching
Pragma: no-cache is a request directive, not a response directive.
This response can't be stored by a cache.
So it indeed seems that this could be the problem, right? Anything I can do
on my end to resolve/mitigate it?
Thanks for your help.
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
More information about the squid-users
mailing list