HOTMAIL AND FACEBOOK PROBLEM.

[GoogleCodeExporter]

Hello.
I comment a bit my scenario
I suando fedora core 11, LUSCA_HEAD-r14733 squid, dnsmasq
the server is serving about 800 users, with a bandwidth of 60 MB.
This mode Brig with PUBLIC IP.
The problem is that since the first days of August, I received complaints from 
users who can not enter HOTMAIL then validate your data, I mean that HOTMAIL 
cover charge, but when you validate the data, the connection and left hanging 
after a few minutes an error that says Connection reset by peer.
And with Facebook, but can access the site, validate and review messages / 
photos, etc, is never loaded the list of online contacts, therefore the user 
can not chat.
Not so with the pages of banks, or gmail, they have their chat embedded in the 
site. I make this clarification because any of the above sites, work with HTTPS.

Reading this forum, make a tag mension within the SERVER_HTTP11 squid is ON. 
Place this option in my squid.conf, but got no positive results.

has happened to someone? any ideas?.

Original issue reported on code.google.com by cbotej...@gmail.com on 20 Aug 2010 at 8:46

Attachments:

• LUSCA.txt

[GoogleCodeExporter]

Hotmal blank, 

try it :

header_access Accept-Encoding deny all

Original comment by tembokg...@gmail.com on 21 Aug 2010 at 8:26

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

there was no change with this option.you do not have this problem?

Original comment by cbotej...@gmail.com on 23 Aug 2010 at 8:01

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

I think the problem is here application/ocsp-response

Access.log
1282683869.306 486 xxx.xxx.xxx.xxx TCP_MISS/302 1728 GET 
http://www.hotmail.com/ - DIRECT/64.4.20.169 text/html
1282683870.374 962 xxx.xxx.xxx.xxx TCP_MISS/200 13117 GET 
http://login.live.com/login.srf?wa=wsig ... &mkt=es-es - DIRECT/65.54.165.141 
text/html

1282683871.818 481 xxx.xxx.xxx.xxx TCP_MISS/200 753 GET 
http://login.live.com/pp800/images/Live ... 2684744380 - DIRECT/65.54.165.169 
image/gi
1282683900.256 551 xxx.xxx.xxx.xxx TCP_MISS/200 2128 POST 
http://evsecure-ocsp.verisign.com/ - DIRECT/199.7.59.72 
application/ocsp-response
1282683901.099 551 xxx.xxx.xxx.xxx TCP_MISS/200 1883 POST 
http://evsecure-ocsp.verisign.com/ - DIRECT/199.7.59.72 
application/ocsp-response

here is where the connection is reset by peer.

Original comment by cbotej...@gmail.com on 24 Aug 2010 at 9:38

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

So how in particular can I replicate this issue?

That particular thing looks like it's an SSL/certificate exchange; i wonder 
whether it's a broken POST.

Please let me know if you can snaffle a packet capture (tcpdump -s 1518 -w 
pcap.out -ni <interface> port <proxyport>) and let me know.

Original comment by adrian.c...@gmail.com on 19 Oct 2010 at 1:56

• Changed state: Accepted
• Added labels: Priority-High, Version-Head
• Removed labels: Priority-Medium, Version-1.0