我们遇到了一个问题,即来自特定 URL 的某些 PDF 需要很长时间才能显示。Squid 似乎需要很长时间(超过 2 分钟)才能将其缓存为 110kb。如果我不通过 Squid 浏览此 PDF,它就可以完美运行。
1359106030.833 120114 160.85.85.46 TCP_MISS/200 116194 GET http://www2.zhlex.zh.ch/appl/zhlex_r.nsf/0/9429732E0BEDB5EDC12574C60044A4CC/$file/xxx.pdf - DIRECT/195.65.218.66 application/pdf
您还可以在 tcpdump 上看到差距
它存在于我们的 Squid 3.1 上,也存在于 Squid 3.2 上。它只出现在来自该 URL 的 PDF 上。其他 PDF 运行良好。
这不可能是他们的服务器,因为它无需通过代理就可以顺利运行
这是我们的净化配置。它已从旧版 squid 中接管,并且自那时起就未进行过调整。
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl bigip src xx.xx.xx.xx/32
acl to_localhost dst 127.0.0.0/8
acl monhost src xx.xx.xx.xx/32
acl srv-ts-057 src xx.xx.xx.xx/32
acl srv-ts-058 src xx.xx.xx.xx/32
acl snmppublic snmp_community Fast3thernet
acl xxnet src xx.xx.xx.xx/16 # xx
acl xxnet src xx.xx.xx.xx/32 # HSWNAT
acl xxnet src xx.xx.xx.xx/16 # VoIP
acl xxnet src xx.xx.xx.xx/22 # HAP
acl xxnet src xx.xx.xx.xx/22 # HSSAZ
acl xxnet src xx.xx.xx.xx/24 # Management Netz 1
acl xxnet src xx.xx.xx.xx/24 # Management Netz 2
acl xxnet src xx.xx.xx.xx/24 # FET-DEV
acl xxnet src xx.xx.xx.xx/24 # FET-TEST
acl xxnet src xx.xx.xx.xx/24 # BET-DEV
acl xxnet src xx.xx.xx.xx/24 # BET-TEST
acl xxnet src xx.xx.xx.xx/24 # FET-VDP
acl xxnet src xx.xx.xx.xx/24 # FET-VDP
acl STAFFMGR src xx.xx.xx.xx/26
acl SSL_ports port 443 8443 28443 50001
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl MONxxCH dstdomain mon.xx.ch
acl ZREG dstdomain zreg.xx.ch
acl PUT method PUT
http_access allow PUT xxnet
http_access deny PUT
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE
acl PROPFIND method PROPFIND
http_access allow PROPFIND srv-ts-057
http_access allow PROPFIND srv-ts-058
http_access deny PROPFIND
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny !STAFFMGR MONxxCH
http_access deny !STAFFMGR ZREG
http_access allow xxnet
http_access deny all
icp_access deny all
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow bigip
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
http_port 160.85.104.11:8080
hierarchy_stoplist cgi-bin ?
cache_mem 768 MB
maximum_object_size_in_memory 32 KB
cache_dir ufs /var/cache/squid 25000 64 256
coredump_dir /var/cache/squid
#access_log /var/log/squid/access.log
#cache_log /var/log/squid/cache.log
cache_store_log none
#pid_filename /var/run/squid.pid
ftp_user [email protected]
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl apache rep_header Server ^Apache
request_timeout 30 seconds
cache_mgr [email protected]
#mail_from [email protected]
#mail_program /usr/local/bin/mutt
cache_effective_user squid
cache_effective_group squid
httpd_suppress_version_string on
visible_hostname srv-app-901.xx.ch
unique_hostname srv-app-901.xx.ch
snmp_port 3401
snmp_access allow snmppublic monhost
snmp_access deny all
snmp_incoming_address xx.xx.xx.xx
snmp_outgoing_address 255.255.255.255
icp_port 0
allow_underscore off
dns_retransmit_interval 3 seconds
dns_timeout 1 minute
dns_nameservers xx.xx.xx.xx
append_domain .xx.ch
max_filedescriptors 8192
知道这是什么原因造成的吗?
答案1
问题解决了!
我发现命令“host www2.zhlex.zh.ch”将以超时结束。Squid 首先寻找 AAAA 记录(ipv6),但我们没有使用 ipv6。这需要 2 分钟,然后它超时并寻找 A 记录。
我已在系统上禁用 ipv6 + 我已将以下几行添加到 squid.conf 以强制使用 ipv4
acl to_ipv6 dst ipv6
tcp_outgoing_address <your_proxy_ipv4_address> !to_ipv6
现在一切正常!