Slow loading or timeout https sites

vradelos

Hi all,
this problem is bugging me for a long time but i was unable to solve it so i am asking for your help.Certain-not all- https sites do not load(timeout) or load very slowly when using squid proxy.Proxy is in non transparent mode.If i bypass the proxy they load very quickly.Some ideas what is happening and how to troubleshoot the problem?Thanks in advance.

Pfsense      2.3.2 amd64
squid          0.4.22
squidguard  1.14_3
lightsquid    3.0.4
suricata      3.0_7
cron            0.3.6_2
openvpn client export 1.3.8

KOM

You can run a command from the console to get a quick profile of squid's performance.  Run:

squidclient -h LAN_IP_address -p 3128 mgr:info

Replace LAN_IP_address with your pfSense LAN IP address.

In your output, look at the Median Service Times section.  See if anything looks out of place.  Here is my output for example:

Median Service Times (seconds)  5 min    60 min:
        HTTP Requests (All):  0.25890  0.00179
        Cache Misses:          0.00494  0.01469
        Cache Hits:            0.00000  0.00000
        Near Hits:            0.02190  0.00379
        Not-Modified Replies:  0.00000  0.00000
        DNS Lookups:          0.01331  0.03696
        ICP Queries:          0.00000  0.00000

vradelos

Nothing unusual there.Any other idea how to troubleshoot site specific delays through squid?

KOM

I'd turn off any extra services, like Suricata, and test again.  IDS/IPS can create all kinds of weird network glitches.

vradelos

Nothing changed by disabling SURICATA.But when i bypass the proxy(i place a firewall rule for my pc only to bypass it) the problematic sites open without delay.It is definitely the proxy.

KOM

Anything of note in /var/squid/logs/access.log when the problem is happening?

vradelos

Nothing there also.But what i found out is that most of the sites that timeout have .aspx code

KOM

No idea then, sorry.