Rare issue with Proxy- Help!

NethServer Version: release 7.3.1611
Module: Gateway

Hello Community, I need some help.

Scenario

Virtualized Nethserver 7.3.1611 as firewall and proxy

CPU model 1 x Intel® Core™ i5-4590 CPU @ 3.30GHz
8GB Ram

Proxy setted up as Manual
50 users

Problem

My system was running perfectly until suddenly some random users could no longer navigate.
I need to restart proxy to work for a while, then the problem comes back.

I blame the office 365 (exchange online to be more exact) since I had the same problem in a zentyal system

I dont know if it could be the problem

2017/04/17 09:00:03 kid1| WARNING: All 20/20 redirector processes are busy.
2017/04/17 09:00:03 kid1| WARNING: 20 pending requests queued
2017/04/17 09:00:03 kid1| WARNING: Consider increasing the number of redirector processes in your config file.
2017/04/17 09:11:03 kid1| WARNING: Closing client connection due to lifetime timeout

I modified and retarted service /etc/e-smith/templates/etc/squid/squid.conf/50squidguard but no effect.

default is MaxChildren (20)

Do I need modify anything else?

Is there any way that Office365 do not go through by the proxy?

Any other test to find out what is the problem?

You should not modify the template.
Type:

config setprop squidguard MaxChildren 50
signal-event nethserver-squidguard-update
2 Likes

Ok, modified with your suggest. I will test and let you know

2 Likes

Not success :cry:

In /var/log/squid/access.log get this:

I have no clue. Can you find different errors logged in cache.log?
You could try to debug squid. I’d start with

squidclient mgr:info
squidclient mgr:active_requests

Then:
http://wiki.squid-cache.org/SquidFaq/BugReporting

Hi, I could not do all the tests due to lack of time and I had to implement a new proxy as soon as possible. I think I have found the problem (not 100% but it may be the update of windows 10 and also Exchange Online with the proxy)

Is there a way to create a list of domains / ip to bypass the proxy?

smtp.office365.com
outlook.office365.com
.outlook.office.com
autodiscover-
.outlook.com
.microsoft.com
.windowsupdate.com
13.107.6.152/31
13.107.9.152/31
13.107.18.10/31
13.107.19.10/31
23.103.160.0/20
Etc, etc…

By the way, thank you very much Filippo for your time.

You can bypass only IP, not domains.
Check the web proxy page.