[tproxy] tproxy 4.1 squid 3.1.19 not working for yahoo mail

KOVACS Krisztian hidden at balabit.hu
Fri Jul 13 08:55:26 CEST 2012 

Hi,

On Tue 10 Jul 2012 02:27:51 AM CEST, Ming-Ching Tiew wrote:
> I am using linux kernel 3.2.21 ( also tested a few other versions ).
>
> Basically I could get basic tproxy working by following this instruction.
>
> http://wiki.squid-cache.org/Features/Tproxy4
>
> Everything I follow strictly except rp_filter I have to set to zero.
> Then I could visit some website and it seems tproxy is working.
> However I have problem with one or two website, yahoo mail in particular,
> which is not working well. I wonder if this is the forum which I could post
> some follow details in troubleshooting the problem ?
>
> The symptom of the problem is slow in login and impossible to logout from
> yahoo mail. The browser complains of zero byte received.
>
> 2012/07/01 20:08:50.410| The request GET http://mail.yahoo.com/ is ALLOWED, because it matched 'localnet'
> 2012/07/01 20:08:50.416| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
> 2012/07/01 20:08:50.416| The request GET http://mail.yahoo.com/ is ALLOWED, because it matched 'localnet'
> 2012/07/01 20:08:54.899| connReadWasError: FD 9: got flag -1
> 2012/07/01 20:08:54.904| ConnStateData::swanSong: FD 9
> 2012/07/01 20:08:55.490| The request GET http://us.mc1614.mail.yahoo.com/mc/welcome?.gx=1&.tm=1341173241&.rand=foctjdei2njpi is ALLOWED, because it matched 'localnet'
> 2012/07/01 20:08:55.501| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
> 2012/07/01 20:08:55.501| The request GET http://us.mc1614.mail.yahoo.com/mc/welcome?.gx=1&.tm=1341173241&.rand=foctjdei2njpi is ALLOWED, because it matched 'localnet'
> 2012/07/01 20:10:10.020| connReadWasError: FD 9: got flag -1
> 2012/07/01 20:10:10.027| ConnStateData::swanSong: FD 9
> 2012/07/01 20:10:10.072| connReadWasError: FD 20: got flag -1
> 2012/07/01 20:10:10.079| connReadWasError: FD 18: got flag -1
> 2012/07/01 20:10:10.080| connReadWasError: FD 22: got flag -1
> 2012/07/01 20:10:10.080| connReadWasError: FD 10: got flag -1
> 2012/07/01 20:10:10.081| ConnStateData::swanSong: FD 20
> 2012/07/01 20:10:10.082| ConnStateData::swanSong: FD 18
> 2012/07/01 20:10:10.082| ConnStateData::swanSong: FD 22
> 2012/07/01 20:10:10.084| ConnStateData::swanSong: FD 10
> 2012/07/01 20:10:10.096| The request GET http://mail.yahoo.com/ is ALLOWED, because it matched 'localnet'
> 2012/07/01 20:10:10.096| client_side_request.cc(556) clientAccessCheck2: No adapted_http_access configuration.
> 2012/07/01 20:10:10.096| The request GET http://mail.yahoo.com/ is ALLOWED, because it matched 'localnet'
> 2012/07/01 20:10:16.984| ctx: exit level  0
> 2012/07/01 20:10:16.992| WARNING: HTTP: Invalid Response: No object data received for http://mail.yahoo.com/ AKA mail.yahoo.com/
> 2012/07/01 20:10:16.994| fwdServerClosed: FD 10 http://mail.yahoo.com/
> 2012/07/01 20:10:23.515| ctx: exit level  0
> 2012/07/01 20:10:23.521| WARNING: HTTP: Invalid Response: No object data received for http://mail.yahoo.com/ AKA mail.yahoo.com/
> 2012/07/01 20:10:23.523| fwdServerClosed: FD 10 http://mail.yahoo.com/
> 2012/07/01 20:10:29.892| ctx: exit level  0
> 2012/07/01 20:10:29.899| WARNING: HTTP: Invalid Response: No object data received for http://mail.yahoo.com/ AKA mail.yahoo.com/
> 2012/07/01 20:10:29.901| fwdServerClosed: FD 10 http://mail.yahoo.com/
> 2012/07/01 20:10:29.915| The reply for GET http://mail.yahoo.com/ is ALLOWED, because it matched 'all'

Have you tried reporting this issue to the squid mailing list? 
Unfortunately I'm not a squid expert -- and even if this was not a 
squid issue -- a solid knowledge of Squid internals is most probably 
necessary to successfully triage the bug.

--
KOVACS Krisztian

More information about the tproxy mailing list