Squid is creating a conflict with Firefox 2.0.0.16 causing certain web pages to hang. I'm using Slackware 12.1 and squid-2.5.STABLE10.
I wanted to
read a blog at blogs.zdnet.com. The progress bar never completed. Spin, spin, spin.
I have seen this behavior before with zdnet.com, but I never felt motivated to pursue the issue until today after resolving a different
hanging problem with www.slacky.eu.
I repeated the same troubleshooting sequence I shared in my other thread. Only this time the problem seems to be squid.
When I toggle Firefox to bypass my squid proxy, the zdnet blog pages load as expected and the progress bar completes. If I toggle Firefox to use squid then the progress bar never completes.
Initially I thought the problem might be with a squid ad server ACL. I disabled that ACL option in my squid.conf and restarted squid. No change --- the progress bar will not complete.
Just to be sure, I disabled dnsmasq throughout this exercise, which uses a secondary hosts file to block ads. To be double sure, I disabled the NoScript extension.
The hanging problem is noticeable and repeatable with all the blog pages.
I have not noticed this problem with other web sites.
I ran a tail -f of my squid access.log while also watching the browser status bar. The stall occurs at various URLs.
I then cleared the squid cache. Same results. With squid, Firefox stalls, without squid, the page loads fast.
I disabled my local iptables firewall. Same hanging result.
I disabled the virtualbox drivers and bridge. Same hanging result.
After spinning my wheels I tried Konqueror. Konqueror does not have this problem. Works fast without squid and faster with squid.
I started my Windows NT4 virtual machine (VirtualBox) and tested K-Meleon 1.01 (proxy to host port 3128). Same stall. I tried Firefox 2.0.0.14 (proxy to host port 3128). Same stall. I tried Opera 9.21 (proxy to host port 3128). No stall. The problem seems to be Gecko related, or at least with my preferences configuration.
I'm certain squid combined with Firefox (Gecko?) is the cause of the hanging.
My basic response is what is squid doing to Firefox? And why only the zdnet blog pages?
I stripped Firefox to a new profile and a minimum prefs.js. Same results. Spin, spin, spin.
I wait 10 to 15 minutes and the progress bars never complete.
I successfully tested adding blogs.zdnet.com to the Firefox "no proxy" list, which amounts to the same approach as using Firefox without a proxy, but that does not explain this weird phenomenon.
I'm using squid in accelerator mode and as a transparent proxy. Perhaps an old version, but squid seems to have been working just fine for me, therefore I never updated. Perhaps I need to, I don't know. Yet why only one web site acting this way and why only the blog pages? If I needed to update squid I would expect problems like this more frequently with many web sites.
I've been searching the web for any related reports.
I appreciate any insight where to start troubleshooting. How could I proceed further? I'm stumped, big time.
My squid.conf:
Code:
icp_port 0
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 64 MB
maximum_object_size 12 MB
maximum_object_size_in_memory 128 KB
memory_replacement_policy heap LFUDA
cache_dir ufs /var/cache/squid/cache 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
redirect_rewrites_host_header off
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
shutdown_lifetime 5 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl adservers dstdomain "/etc/hosts-adservers-squid"
acl Safe_ports port 21
acl Safe_ports port 70
acl Safe_ports port 80
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 443
acl Safe_ports port 488
acl Safe_ports port 563
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 901
acl Safe_ports port 1025-65535
acl SSL_ports port 443 563
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny adservers
http_access allow localhost
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
http_reply_access allow all
icp_access allow all
cache_effective_user squid
cache_effective_group squid
forwarded_for off
log_icp_queries off
netdb_low 9900
netdb_high 10000
header_access X-Forwarded-For deny all
header_access Via deny all
coredump_dir /var/cache/squid/cache
Additional info:
/proc/sys/net/ipv4/tcp_ecn =0
/proc/sys/net/ipv4/tcp_window_scaling=1
/proc/sys/net/ipv4/tcp_rmem=4096 87380 16777216
/proc/sys/net/ipv4/tcp_wmem=4096 65536 16777216
As always, thanks.
