
Re: Strange 503 on https sites


 



On Mon, 27 Jun 2011 15:40:10 +0800, ICT Department wrote:
> Hi,
>
> I am very confused now as to why 99% of https access has 503, even Yahoo,
> which is very fast.
>
> This problem arises when my network is at peak use. This problem arose when
> I upgraded my connection from copper connection 4mbps to fiber optic 6mbps.
> Hope someone could point me in the right direction. Thank you.


503 is "Service Unable". On CONNECT requests for Squid that means the TCP connection to that IP address could not be opened. The 59 second duration for those requests indicates a TCP setup timeout is happening.

The next step I'd look at is PMTU issues between you and that server.

Squid-3.1 does IPv6. So if you have that incorrectly disabled, Squid could be failing to connect to that IPv4-only destination over an IPv6 socket. NP: (rant warning) if you followed most any online tutorial for disabling IPv6 in RHEL: most only go so far as to make the kernel drop IPv6 packets, rather than actually turning OFF the kernel control which would inform the relevant software that it cannot use IPv6 ports. So it sends a packet, and waits... and waits... (And yes, I know you are connecting to an IPv4 host. The Linux "hybrid stack" which Squid uses can use IPv6 sockets to contact IPv4 space.)


> Access.log
>
> 1309159630.003  59632 192.168.100.33 TCP_MISS/503 0 CONNECT 124.102.69.115:443 - DIRECT/124.102.69.115 -
> 1309159630.003  59629 192.168.100.33 TCP_MISS/503 0 CONNECT 140.127.205.122:443 - DIRECT/140.127.205.122 -
> 1309159632.000  59480 192.168.100.33 TCP_MISS/503 0 CONNECT 218.226.219.106:443 - DIRECT/218.226.219.106 -
> 1309159632.000  59996 192.168.10.105 TCP_MISS/503 0 CONNECT login.yahoo.com:443 - DIRECT/124.108.120.31 -
> 1309159636.001  59997 192.168.100.84 TCP_MISS/503 0 CONNECT www.facebook.com:443 - DIRECT/69.171.228.11 -
> 1309159644.000  59906 192.168.100.58 TCP_MISS/503 0 CONNECT us.data.toolbar.yahoo.com:443 - DIRECT/98.137.53.23 -
> 1309159656.002  59085 192.168.100.33 TCP_MISS/503 0 CONNECT 118.167.16.72:443 - DIRECT/118.167.16.72 -


> My squid is compiled with
>
> Squid Cache: Version 3.1.12
>
> configure options:  '--build=i686-redhat-linux-gnu'
> '--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
> '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
> '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--includedir=/usr/include'
> '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/usr/com'
> '-mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr'
> '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--localstatedir=/var'
> '--datadir=/usr/share' '--sysconfdir=/etc/squid'
> '--enable-removal-policies=heap,lru' '--enable-storeio=aufs,diskd,ufs'
> '--enable-ssl' '--with-openssl=/usr/kerberos' '--enable-delay-pools'
> '--enable-linux-netfilter' '--with-pthreads'
> '--enable-ntlm-auth-helpers=fakeauth'
> '--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group'
> '--enable-auth=basic,digest,ntlm,negotiate'
> '--enable-negotiate-auth-helpers=squid_kerb_auth'
> '--enable-digest-auth-helpers=password' '--with-winbind-auth-challenge'
> '--enable-useragent-log' '--enable-referer-log'
> '--disable-dependency-tracking' '--enable-cachemgr-hostname=localhost'
> '--enable-underscores' '--enable-useragent_log'
> '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL'
> '--enable-cache-digests' '--disable-ident-lookups'
> '--with-large-files' '--enable-gnuregex' '--disable-follow-x-forwarded-for'
> '--enable-fd-config' '--with-maxfd=16384' '--enable-internal-dns'
> 'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu'
> 'target_alias=i386-redhat-linux-gnu' --with-squid=/root/squid-3.1.12
> --enable-ltdl-convenience


Amos
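
The pattern described in the reply above (CONNECT requests that end in 503 after roughly 59 seconds with zero bytes sent) can be pulled out of access.log to see which clients and destination IPs are affected, separately from 503s that fail quickly. This is an added example, not part of the original thread; the 60 second timeout, the 2 second slack and the sample lines (documentation addresses) are assumptions.

```python
import re
from collections import Counter

# Squid native access.log layout:
# time elapsed_ms client code/status bytes method url user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+\S+\s*$"
)

# Constructed sample lines (documentation addresses), modelled on the post.
SAMPLE = """\
1309159630.003  59632 192.0.2.33 TCP_MISS/503 0 CONNECT 198.51.100.115:443 - DIRECT/198.51.100.115 -
1309159632.000  59996 192.0.2.105 TCP_MISS/503 0 CONNECT login.example.com:443 - DIRECT/198.51.100.31 -
1309159633.120    140 192.0.2.58 TCP_MISS/503 0 CONNECT down.example.net:443 - DIRECT/203.0.113.9 -
1309159634.500   8421 192.0.2.84 TCP_MISS/200 5120 CONNECT www.example.org:443 - DIRECT/203.0.113.11 -
1309159635.000    312 192.0.2.33 TCP_MISS/200 1834 GET http://www.example.org/ - DIRECT/203.0.113.11 text/html
this line is truncated garbage
"""

def parse(line):
    """Return a dict for one access.log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["elapsed"], rec["size"] = int(rec["elapsed"]), int(rec["size"])
    return rec

def connect_timeouts(lines, timeout_s=60, slack_s=2):
    """CONNECTs that got 503, sent 0 bytes, and ran to about timeout_s."""
    floor_ms = (timeout_s - slack_s) * 1000  # assumed timeout, minus slack
    recs = (parse(l) for l in lines)
    return [r for r in recs if r and r["method"] == "CONNECT"
            and r["status"] == "503" and r["size"] == 0
            and r["elapsed"] >= floor_ms]

def summarize(lines, **kw):
    """Count CONNECTs and timed-out CONNECTs, grouped by client and peer IP."""
    lines = list(lines)
    total = sum(1 for l in lines if (r := parse(l)) and r["method"] == "CONNECT")
    hits = connect_timeouts(lines, **kw)
    return {"connects": total, "timeouts": len(hits),
            "by_client": Counter(r["client"] for r in hits),
            "by_peer": Counter(r["peer"] for r in hits)}

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

Timeouts spread across many unrelated peer IPs point at the proxy host or its uplink rather than at any one destination.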

