Hi, I have successfully been running AD-authenticated, ssl-bumped (for a few sites of our own, the rest is spliced) squid proxy server for more than a decade, where for such success I am greatly thankful to all the people who develop squid and who helped me on this list numerous times. Lately I am experiencing bandwidth saturation of links I care for, and - of course - a big chunk of it is taken by web traffic that passes through squid proxy. I fired up calamaris to see what is going on, and I found out that - if report is correct - more than a third of daily data consumed by squid on behalf of its clients, goes for "500 (Internal Server Error)": # TCP Response code distribution status-code request % Byte % ---------------------------------------------- --------- ------ -------- ------ 000 (Used mostly with UDP traffic) 168404 3.86 0M 0.00 200 (OK) 2083756 47.82 78277M 54.66 204 (No Content) 57 0.00 0M 0.00 206 (Partial Content) 22234 0.51 7373M 5.15 301 (Moved Permanently) 467 0.01 0M 0.00 302 (Moved Temporarily) 442 0.01 0M 0.00 303 (See Other) 1 0.00 0M 0.00 304 (Not Modified) 16639 0.38 7M 0.00 308 (Resume Incomplete) 1 0.00 0M 0.00 400 (Bad Request) 12 0.00 0M 0.00 403 (Forbidden) 139524 3.20 782M 0.55 404 (Not Found) 588 0.01 1M 0.00 407 (Proxy Authentication Required) 1593023 36.56 6275M 4.38 500 (Internal Server Error) 321292 7.37 50439M 35.22 502 (Bad Gateway) 6269 0.14 44M 0.03 503 (Service Unavailable) 4850 0.11 0M 0.00 ---------------------------------------------- --------- ------ -------- ------ Sum 4357559 100.00 143198M 100.00 I came to conclusion that this comes from lines with TCP_TUNNEL/500 in access.log, similar to: 1695680000.912 69973 10.X.X.X TCP_TUNNEL/500 8503669 CONNECT ipv4-c002-beg001-oriontelekom-isp.1.oca.nflxvideo.net:443 some.gal HIER_DIRECT/93.93.192.146 - 1695679277.395 876830 10.X.X.X TCP_TUNNEL/500 105991027 CONNECT rostov1.nebula.to:443 some.guy HIER_DIRECT/37.48.76.251 - 1695710735.004 271 10.X.X.X TCP_TUNNEL/500 10076 CONNECT nav.smartscreen.microsoft.com:443 some.guy HIER_DIRECT/51.104.176.40 - 1695710735.117 35652 10.X.X.X TCP_TUNNEL/500 6696 CONNECT g.live.com:443 some.gal HIER_DIRECT/68.219.88.225 - 1695710735.228 126910 10.X.X.X TCP_TUNNEL/500 6831 CONNECT enterprise-eudb.activity.windows.com:443 some.otherguy HIER_DIRECT/40.118.94.234 - 1695710735.343 218 10.X.X.X TCP_TUNNEL/500 7854 CONNECT smartscreen.microsoft.com:443 some.othergal HIER_DIRECT/51.104.176.40 - 1695710735.668 125756 10.X.X.X TCP_TUNNEL/500 997 CONNECT teams.microsoft.com:443 - HIER_DIRECT/52.123.129.14 - Are these really remote server errors? If so, why do they consume so much traffic? Is there anything I can do to prevent it, like reseting those sessions early and avoiding downloading all that data? Thank you in advance. -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/ _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
