tproxy 4.1 squid 3.1.19 not working for yahoo mail
I am using linux kernel 3.2.21 ( also tested a few other versions ). Basically I could get basic tproxy working by following this instruction. http://wiki.squid-cache.org/Features/Tproxy4 Everything I follow strictly except rp_filter I have to set to zero. Then I could visit some website and it seems tproxy is working. However I have problem with one or two website, yahoo mail in particular, which is not working well. I wonder if this is the forum which I could post some follow details in troubleshooting the problem ? The symptom of the problem is slow in login and impossible to logout from yahoo mail. The browser complains of zero byte received. 2012/07/01 20:08:50.410| The request GET http://mail.yahoo.com/ is ALLOWED, because it matched 'localnet' 2012/07/01 20:08:50.416| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration. 2012/07/01 20:08:50.416| The request GET http://mail.yahoo.com/ is ALLOWED, because it matched 'localnet' 2012/07/01 20:08:54.899| connReadWasError: FD 9: got flag -1 2012/07/01 20:08:54.904| ConnStateData::swanSong: FD 9 2012/07/01 20:08:55.490| The request GET http://us.mc1614.mail.yahoo.com/mc/welcome?.gx=1&.tm=1341173241&.rand=foctjd... is ALLOWED, because it matched 'localnet' 2012/07/01 20:08:55.501| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration. 2012/07/01 20:08:55.501| The request GET http://us.mc1614.mail.yahoo.com/mc/welcome?.gx=1&.tm=1341173241&.rand=foctjd... is ALLOWED, because it matched 'localnet' 2012/07/01 20:10:10.020| connReadWasError: FD 9: got flag -1 2012/07/01 20:10:10.027| ConnStateData::swanSong: FD 9 2012/07/01 20:10:10.072| connReadWasError: FD 20: got flag -1 2012/07/01 20:10:10.079| connReadWasError: FD 18: got flag -1 2012/07/01 20:10:10.080| connReadWasError: FD 22: got flag -1 2012/07/01 20:10:10.080| connReadWasError: FD 10: got flag -1 2012/07/01 20:10:10.081| ConnStateData::swanSong: FD 20 2012/07/01 20:10:10.082| ConnStateData::swanSong: FD 18 2012/07/01 20:10:10.082| ConnStateData::swanSong: FD 22 2012/07/01 20:10:10.084| ConnStateData::swanSong: FD 10 2012/07/01 20:10:10.096| The request GET http://mail.yahoo.com/ is ALLOWED, because it matched 'localnet' 2012/07/01 20:10:10.096| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration. 2012/07/01 20:10:10.096| The request GET http://mail.yahoo.com/ is ALLOWED, because it matched 'localnet' 2012/07/01 20:10:16.984| ctx: exit level 0 2012/07/01 20:10:16.992| WARNING: HTTP: Invalid Response: No object data received for http://mail.yahoo.com/ AKA mail.yahoo.com/ 2012/07/01 20:10:16.994| fwdServerClosed: FD 10 http://mail.yahoo.com/ 2012/07/01 20:10:23.515| ctx: exit level 0 2012/07/01 20:10:23.521| WARNING: HTTP: Invalid Response: No object data received for http://mail.yahoo.com/ AKA mail.yahoo.com/ 2012/07/01 20:10:23.523| fwdServerClosed: FD 10 http://mail.yahoo.com/ 2012/07/01 20:10:29.892| ctx: exit level 0 2012/07/01 20:10:29.899| WARNING: HTTP: Invalid Response: No object data received for http://mail.yahoo.com/ AKA mail.yahoo.com/ 2012/07/01 20:10:29.901| fwdServerClosed: FD 10 http://mail.yahoo.com/ 2012/07/01 20:10:29.915| The reply for GET http://mail.yahoo.com/ is ALLOWED, because it matched 'all'
Hi, On Tue 10 Jul 2012 02:27:51 AM CEST, Ming-Ching Tiew wrote:
I am using linux kernel 3.2.21 ( also tested a few other versions ).
Basically I could get basic tproxy working by following this instruction.
http://wiki.squid-cache.org/Features/Tproxy4
Everything I follow strictly except rp_filter I have to set to zero. Then I could visit some website and it seems tproxy is working. However I have problem with one or two website, yahoo mail in particular, which is not working well. I wonder if this is the forum which I could post some follow details in troubleshooting the problem ?
The symptom of the problem is slow in login and impossible to logout from yahoo mail. The browser complains of zero byte received.
2012/07/01 20:08:50.410| The request GET http://mail.yahoo.com/ is ALLOWED, because it matched 'localnet' 2012/07/01 20:08:50.416| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration. 2012/07/01 20:08:50.416| The request GET http://mail.yahoo.com/ is ALLOWED, because it matched 'localnet' 2012/07/01 20:08:54.899| connReadWasError: FD 9: got flag -1 2012/07/01 20:08:54.904| ConnStateData::swanSong: FD 9 2012/07/01 20:08:55.490| The request GET http://us.mc1614.mail.yahoo.com/mc/welcome?.gx=1&.tm=1341173241&.rand=foctjd... is ALLOWED, because it matched 'localnet' 2012/07/01 20:08:55.501| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration. 2012/07/01 20:08:55.501| The request GET http://us.mc1614.mail.yahoo.com/mc/welcome?.gx=1&.tm=1341173241&.rand=foctjd... is ALLOWED, because it matched 'localnet' 2012/07/01 20:10:10.020| connReadWasError: FD 9: got flag -1 2012/07/01 20:10:10.027| ConnStateData::swanSong: FD 9 2012/07/01 20:10:10.072| connReadWasError: FD 20: got flag -1 2012/07/01 20:10:10.079| connReadWasError: FD 18: got flag -1 2012/07/01 20:10:10.080| connReadWasError: FD 22: got flag -1 2012/07/01 20:10:10.080| connReadWasError: FD 10: got flag -1 2012/07/01 20:10:10.081| ConnStateData::swanSong: FD 20 2012/07/01 20:10:10.082| ConnStateData::swanSong: FD 18 2012/07/01 20:10:10.082| ConnStateData::swanSong: FD 22 2012/07/01 20:10:10.084| ConnStateData::swanSong: FD 10 2012/07/01 20:10:10.096| The request GET http://mail.yahoo.com/ is ALLOWED, because it matched 'localnet' 2012/07/01 20:10:10.096| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration. 2012/07/01 20:10:10.096| The request GET http://mail.yahoo.com/ is ALLOWED, because it matched 'localnet' 2012/07/01 20:10:16.984| ctx: exit level 0 2012/07/01 20:10:16.992| WARNING: HTTP: Invalid Response: No object data received for http://mail.yahoo.com/ AKA mail.yahoo.com/ 2012/07/01 20:10:16.994| fwdServerClosed: FD 10 http://mail.yahoo.com/ 2012/07/01 20:10:23.515| ctx: exit level 0 2012/07/01 20:10:23.521| WARNING: HTTP: Invalid Response: No object data received for http://mail.yahoo.com/ AKA mail.yahoo.com/ 2012/07/01 20:10:23.523| fwdServerClosed: FD 10 http://mail.yahoo.com/ 2012/07/01 20:10:29.892| ctx: exit level 0 2012/07/01 20:10:29.899| WARNING: HTTP: Invalid Response: No object data received for http://mail.yahoo.com/ AKA mail.yahoo.com/ 2012/07/01 20:10:29.901| fwdServerClosed: FD 10 http://mail.yahoo.com/ 2012/07/01 20:10:29.915| The reply for GET http://mail.yahoo.com/ is ALLOWED, because it matched 'all'
Have you tried reporting this issue to the squid mailing list? Unfortunately I'm not a squid expert -- and even if this was not a squid issue -- a solid knowledge of Squid internals is most probably necessary to successfully triage the bug. -- KOVACS Krisztian
----- Original Message ----- From: KOVACS Krisztian <hidden@balabit.hu>
Have you tried reporting this issue to the squid mailing list? Unfortunately I'm not a squid expert -- and even if this was not a squid issue -- a solid knowledge of Squid internals is most probably necessary to successfully triage the bug.
Thank you for responding to this post. I reported to squid forum, but I could not get any response, I suspect all the squid developers are not really using squid in tproxy mode - the needed setup is troublesome for them to repeat the problem or perhaps they don't even think it could be squid problem. :) Basically the problem I see is even seen since squid 2.6 on kernel 2.6.25 ( I worked on squid/tproxy back then ). So far I found two websites giving the problem when running squid in tproxy mode, so I can safely conclude that it's not a https problem. But I thought yahoo mail is a very common thing, why nobody seem to complain about this whereas I could see this in all versions of squid, all version of kernels.
participants (2)
-
KOVACS Krisztian
-
Ming-Ching Tiew