Search squid archive

Re: TCP_MISS_ABORTED/502

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



And, just to confirm.. if I change public.server.fqdn to that my blog (macmule.com).. I can curl down a file from that via squid-cache fine:

 

curl -D - https://local.server.fqdn/AutoCasperNBI-AppCast.xml -o /dev/null             

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0HTTP/1.1 200 OK

Date: Fri, 12 Jul 2024 11:04:24 GMT

Server: Apache

Last-Modified: Sat, 04 May 2019 13:21:20 GMT

ETag: "69d9d-75b7-5880fbe2c1400"

Accept-Ranges: bytes

Content-Length: 30135

Vary: Accept-Encoding

Content-Type: application/xml

Age: 21285

Cache-Status: local.server;hit;detail=match

Via: 1.1 local.server (squid/6.6)

Connection: keep-alive

 

100 30135  100 30135    0     0  96335      0 --:--:-- --:--:-- --:--:-- 96277

 

So the issue seems to be caching content that requires authentication, hence saying the issues seems to be what is stated at: https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication

 

The question here is, can squid cache items that require authentication to access?

 

Regards,

Ben.

 

From: Ben Toms <ben@xxxxxxxxxxx>
Date: Friday, 12 July 2024 at 17:56
To: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>, squid-users@xxxxxxxxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: TCP_MISS_ABORTED/502

So, with the below config:

 

https_port 443 accel protocol=HTTPS tls-cert=/usr/local/squid/client.pem tls-key=/usr/local/squid/client.key

cache_peer public.server.fqdn parent 443 0 no-query originserver no-digest no-netdb-exchange tls login=PASSTHRU name=myAccel forceddomain=public.server.fqdn

acl our_sites dstdomain local.server.fqdn

http_access allow our_sites

cache_peer_access myAccel allow our_sites

cache_peer_access myAccel deny all

cache_dir ufs /usr/local/squid/var/cache 100000 16 256

cache_mem 500 MB

maximum_object_size_in_memory 50000 KB

refresh_pattern .               0       20%     4320

debug_options 11,2

 

I can see the below in /var/log/squid/cache.log

----------

2024/07/12 16:49:57.056 kid1| 11,2| http.cc(1263) readReply: conn12 local=client.ip:56670 remote=public.ip.of.public.server:443 FIRSTUP_PARENT FD 14 flags=1: read failure: (0) No error.

2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(273) sendStartOfMessage: HTTP Client conn9 local=client.ip:443 remote=local.server.ip:59158 FD 13 flags=1

2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(274) sendStartOfMessage: HTTP Client REPLY:

---------

HTTP/1.1 502 Bad Gateway

Server: squid/6.6

Mime-Version: 1.0

Date: Fri, 12 Jul 2024 16:49:57 GMT

Content-Type: text/html;charset=utf-8

Content-Length: 3629

X-Squid-Error: ERR_READ_ERROR 0

Vary: Accept-Language

Content-Language: en

Cache-Status: local.server;detail=mismatch

Via: 1.1 local.server (squid/6.6)

Connection: keep-alive

 

 

----------

 

The apache server still shows a 200 for the request:

[12/Jul/2024:17:49:57 +0100] "GET /path/to/file HTTP/1.1" 200 10465 "-" "curl/8.7.1"

 

And this is when testing via:

curl -D - https://local.server.fqdn/path/to/file -H "Authorization: Basic base64auth" -o /dev/null

 

Regards,

Ben.

 

From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Friday, 12 July 2024 at 17:36
To: Ben Toms <ben@xxxxxxxxxxx>, squid-users@xxxxxxxxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: TCP_MISS_ABORTED/502

On 2024-07-12 12:14, Ben Toms wrote:

> Which log should those be found?

cache.log (if they are present)


> Can’t see “HTTP Server RESPONSE” in the access.log or cache.log.

Sigh. This is one of the reasons I avoid asking folks to study logs
themselves, even ALL,2 logs...

If that line is not in cache.log, then child Squid probably did not
receive a response from parent Squid, or could not parse that response.
A full debugging log should give us more information.

Alex.


> *From: *squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on
> behalf of Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
> *Date: *Friday, 12 July 2024 at 17:11
> *To: *squid-users@xxxxxxxxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxxxxxxxx>
> *Subject: *Re: TCP_MISS_ABORTED/502
>
> On 2024-07-12 11:38, Ben Toms wrote:
>> Think I made the changes Alex requested:
>>
>> 12/Jul/2024:15:36:31 +0000.640 local.server.ip TCP_MISS_ABORTED/502 3974
>> GET https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file> -
>> FIRSTUP_PARENT/public.ip.of.public.server text/html
>> ERR_READ_ERROR/WITH_SERVER
>
> Thank you for using Squid v6 for this test.
>
> Unfortunately, due to Squid logging bugs, ERR_READ_ERROR/WITH_SERVER
> does not always mean what it says. For example, parent Squid could have
> closed the child-parent connection prematurely, but there could be other
> reasons. A full debugging log should give us more information.
>
>
>> 2024/07/12 14:57:08.678 kid1| 11,2| Stream.cc(274) sendStartOfMessage:
>> HTTP Client REPLY:
>
> This is a child proxy response to the client. We need parent response to
> the child proxy. Look for "HTTP Server RESPONSE" lines instead.
>
>
> HTH,
>
> Alex.
>
>
>
>> ---------
>>
>> HTTP/1.1 502 Bad Gateway
>>
>> Server: squid/6.6
>>
>> Mime-Version: 1.0
>>
>> Date: Fri, 12 Jul 2024 14:57:08 GMT
>>
>> Content-Type: text/html;charset=utf-8
>>
>> Content-Length: 3629
>>
>> X-Squid-Error: ERR_READ_ERROR 0
>>
>> Vary: Accept-Language
>>
>> Content-Language: en
>>
>> Cache-Status: squid.host;detail=mismatch
>>
>> Via: 1.1 squid.host (squid/6.6)
>>
>> Connection: keep-alive
>>
>> ----------
>>
>> Regards,
>>
>> Ben.
>>
>> *From: *squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on
>> behalf of Amos Jeffries <squid3@xxxxxxxxxxxxx>
>> *Date: *Friday, 12 July 2024 at 15:22
>> *To: *squid-users@xxxxxxxxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxxxxxxxx>
>> *Subject: *Re: TCP_MISS_ABORTED/502
>>
>>
>> On 13/07/24 01:52, Alex Rousskov wrote:
>>> On 2024-07-12 08:06, Ben Toms wrote:
>>>> Seems that my issue is similar to -
>>>> https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>
>>>
>>> You are facing up to two problems:
>>>
>>> 1. Some authenticated responses are not cachable by Squid. Please share
>>> HTTP headers of the response in question.
>>>
>>
>> FYI, those can be obtained by configuring squid.conf with
>>
>>     debug_options 11,2
>>
>>
>> Cheers
>> Amos
>>
>>
>>> 2. TCP_MISS_ABORTED/502 errors may delete a being-cached response. These
>>> can be bogus errors (essentially Squid logging bugs) or real ones (e.g.,
>>> due to communication bugs, misconfiguration, or compatibility problems).
>>> I recommend adding %err_code/%err_detail to your logformat and sharing
>>> the corresponding access.log lines (obfuscated as needed).
>>>
>>> Sharing (privately if needed) a pointer to compressed ALL,9 cache.log
>>> while reproducing the issue using a single transaction may help us
>>> resolve all the unknowns:
>>>
>>> https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction <https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction> <https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction <https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction>>
>>>
>>>
>>> HTH,
>>>
>>> Alex.
>>>
>>>
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>> https://lists.squid-cache.org/listinfo/squid-users
> <https://lists.squid-cache.org/listinfo/squid-users>
>> <https://lists.squid-cache.org/listinfo/squid-users
> <https://lists.squid-cache.org/listinfo/squid-users>>
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>> https://lists.squid-cache.org/listinfo/squid-users
> <https://lists.squid-cache.org/listinfo/squid-users>
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.squid-cache.org/listinfo/squid-users
> <https://lists.squid-cache.org/listinfo/squid-users>
>

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux