Webproxy doesn't HIT

ilius168 · April 15, 2010, 9:53am

Hi
I have a mt setup for proxy, pretty much standard, NAT, dst-nat, and enable web-proxy.
But i see no hit in the status, and browsing is rather slow, compare to no proxy. No changes to size of disk space.

Any idea?

PS: Running ROS v.4.6 on x86Machine

[admin@MikroTik] > /ip fire nat pri
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat action=masquerade out-interface=ether2 

 1   chain=dstnat action=redirect to-ports=8088 protocol=tcp dst-port=80
[admin@MikroTik] > /ip proxy pri   
                 enabled: yes
             src-address: 0.0.0.0
                    port: 8088
            parent-proxy: 0.0.0.0
       parent-proxy-port: 0
     cache-administrator: "webmaster"
          max-cache-size: unlimited
           cache-on-disk: no
  max-client-connections: 600
  max-server-connections: 600
          max-fresh-time: 3d
   serialize-connections: no
       always-from-cache: no
          cache-hit-dscp: 4
             cache-drive: sata1
[admin@MikroTik] >

some log samples:

09:52:06 web-pro09:52:06 web-proxy,debug     POST /ajax/chat/buddy_list.php?__a=1 HTTP/1.1 
09:52:06 web-proxy,debug     Host: www.facebook.com 
09:52:06 web-proxy,debug     User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1
; en-US; rv:1.9.0.16) Gecko/2010010414 Firefox/3.0.16 Flock/2.5.6 
09:52:06 web-proxy,debug     Accept: text/html,application/xhtml+xml,application
/xml;q=0.9,*/*;q=0.8 
09:52:06 web-proxy,debug     Accept-Language: en-us,en;q=0.5 
09:52:06 web-proxy,debug     Accept-Encoding: gzip,deflate 
09:52:06 web-proxy,debug     Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 
09:52:06 web-proxy,debug     X-SVN-Rev: 236268 
09:52:06 web-proxy,debug     Content-Type: application/x-www-form-urlencoded; ch
arset=UTF-8 
09:52:06 web-proxy,debug     Referer: http://www.facebook.com/profile.php?id=163
2100120&ref=ts 
09:52:06 web-proxy,debug     Content-Length: 5701 
09:52:06 web-proxy,debug     Cookie: datr=1262767237-f3eb281f2eb89d28f3460271fc6
0d813de0efbe0906a7ab956d6c; lo=ncoJimL9LE2ZFaa3HnUI5w; locale=id_ID; __utma=8728
6159.80137062.1271129171.1271129171.1271129171.1; __utmz=87286159.1271129171.1.1
.utmccn=(referral)|utmcsr=facebook.com|ut 
09:52:06 web-proxy,debug mcct=/tos.php|utmcmd=referral; lsd=fdHrn; c_user=120507
5852; lxe=elninno_09%40yahoo.com; lxs=1; sct=1271320297; xs=429d413b67858abadd74
2a68c6e59e4b; x-referer=http%3A%2F%2Fwww.facebook.com%2Fphoto.php%3Fpid%3D100943
8%26op%3D1%26o%3Dglobal%26view%3Dglobal%2 
xy,debug     Pragma: no-cache 
09:52:06 web-proxy,debug     Cache-Control: no-cache 
09:52:06 web-proxy,debug     X-Proxy-ID: 1415420273 
09:52:06 web-proxy,debug     X-Forwarded-For: 192.168.7.2 
09:52:06 web-proxy,debug     Via: 1.1  (Mikrotik HttpProxy) 
09:52:06 web-proxy,debug 
09:52:07 web-proxy,debug Response to "POST http://www.facebook.com/ajax/chat/bud
dy_list.php?__a=1": 
09:52:07 web-proxy,debug     HTTP/1.1 200 OK 
09:52:07 web-proxy,debug     Cache-Control: private, no-store, no-cache, must-re
validate, post-check=0, pre-check=0 
09:52:07 web-proxy,debug     Content-Length: 499 
09:52:07 web-proxy,debug     Content-Type: application/x-javascript; charset=utf
-8 
09:52:07 web-proxy,debug     Expires: Sat, 01 Jan 2000 00:00:00 GMT 
09:52:07 web-proxy,debug     Pragma: no-cache 
09:52:07 web-proxy,debug     X-Cnection: close 
09:52:07 web-proxy,debug     Date: Thu, 15 Apr 2010 09:52:07 GMT 
09:52:07 web-proxy,debug

ilius168 · April 15, 2010, 10:17am

Just found out it works, when it’s used as non transparent proxy…
Wonder what’s wrong with the settings.

sergejs · April 15, 2010, 10:54am

Is there any packets in /ip firewall nat print for proxy rule?
Do not forget to check cache-on-disk=yes, if you want to save proxy cache on disk.

ilius168 · April 15, 2010, 11:30am

yes. there are packets. But for some reason the proxy doesn’t hits, when using redirecting (transparent-proxy).

Yep, cache on disk, is set

ilius168 · April 15, 2010, 11:35am

Ah-ha!!
Found the problem…

the WAN Ip address has to be excluded in src-address..

 1   chain=dstnat action=redirect to-ports=8088 protocol=tcp 
     src-address=!10.21.0.136/30 dst-port=80

Never done this in previous proxy setting, is this a new feature??

rpz · November 27, 2013, 1:09pm

Looks like the problem is somewhere else.

I’ve tried your solution and it didn’t work. What’s strange someone from this forum reported that the /ip dns entries are the problem (didn’t work either).

I’m slowly loosing patience searching for the origin of the problem. My setup is very common, just like yours. I can block sites, and proxy reports that it’s there, but no cache goes to disk, and no single hit goes to clients.

bax · December 1, 2013, 8:34am

My setings is here and is always working:

/ip firewall nat
add action=redirect chain=dstnat comment="transparent proxy - hotspot net" dst-port=80 in-interface=hotspot protocol=tcp to-ports=3130

So try to use in-interface

rpz · December 13, 2013, 8:11pm

Strange thing happened.

I’ve managed to get it work. I did nothing new though. The only difference is that this time I’ve used Winbox to setup store and proxy.

Possible that the web interface is the problem…