HTTP proxy slow + forwarding loop after update to 3.2 [solved]

[smitka]

Hi, I upgraded our proxy from Zentyal 2.2 to 3.2 yesterday, but content filtering is painfuly slow now.
I use non-transparent  proxy, firewall is off now. I checked DNS settings, it seems ok.

There is a forwarding loop warning in external-cache.log and I think it is a cause of problem...
 
2013/10/11 21:23:26| WARNING: Forwarding loop detected for:
GET /squid-internal-periodic/store_digest HTTP/1.0
Accept: application/cache-digest
Accept: text/html
Host: localhost.local:3129
Authorization: Basic Kjpub3Bhc3N3b3Jk
Via: 0.0 (frontal)proxy.proxy.local (squid/3.1.19), 1.0 (external)proxy.proxy.local (squid/3.1.19), 1.0 (external)proxy.proxy.local (squid/3.1.19), 1.0 (external)proxy.proxy.local (squid/3.1.19), 1.0 ....... many times

X-Forwarded-For: ::, 127.0.0.1, 127.0.0.1, ::, 127.0.0.1, 127.0.0.1, 127.0.0.1,
::, 127.0.0.1, 127.0.0.1, ::, .........many times

Any ideas?

Thank you.

[astana]

I'm not sure if that is the cause of the slowdown. I've had the same problem as you're experiencing in both 3.0 and 3.2.
There seems to be a problem with the digest setup between the 2 proxy servers (3128 and 3030). Normally there shouldn't be any digest as one proxy is only for authentication and authorisation and the second proxy is for caching.

You can remove the digest by adding no-digest to the cache_peer configuration line in squid.conf (better still is add the line to your stub otherwise it will be overwritten by any change you make).

I removed it because it totally messed up any reporting by sarg.

[smitka]

Thank you for your suggestion!

I tried to bypass DG (set cache_peer to 3130) and everything worked fine. So I suspect DG.

I reverted config and set no-digest - again terrible performance (5 minutes per page)
Now I disable authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf' in addition and proxy works much better.

Now, I need to do some tests.

[smitka]

Thank you again!

Everything works fine entire week.

[ap1821]

I got same forwarding loops and the proxy sometimes slows down for a tiny bit. Should I add no-digest option in squid-external.conf.mas ? I'm running 3.0

[astana]

the no-digest would be on the internal squid conf.mas file.
digest should only be used if you have multiple caching squid servers.

[ap1821]

Yeah, I already supposed that's the file to change. Will see how it will run now.
I can share with my modified stubs.
http://pastebin.com/Pf8snKuG
http://pastebin.com/VawNKAik

Edit: the loops seem to be gone indeed. The proxy seems to work nicely now, thanks!
Still I get some queue congestion warnings when using the proxy more intense, is that alright?

[ap1821]

Just wanted to clarify. The authplugin line in dansguardian conf is only needed when I use user authentication? I use transparent proxy which has only some filtering rules for network segments (no user auth whatsoever), so I could try removing that line to gain better performance?