Re: TCP_MISS_ABORTED/502

Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> · Mon, 15 Jul 2024 14:38:41 -0400

On 2024-07-13 16:02, Ben Toms wrote:

with debug_options ALL,4 set.. the cache.log shows:

2024/07/13 18:55:03.595 kid1| 5,3| Read.cc(93) ReadNow: conn17 
local=squid.cache.ip:37046 remote=origin.server.ip:443 FIRSTUP_PARENT FD 
14 flags=1, size 65536, retval -28, errno 0

2024/07/13 18:55:03.595 kid1| 17,3| FwdState.cc(471) fail: 
ERR_READ_ERROR "Bad Gateway"

Still need to dig in more.. but the true error seems to be: 
ERR_READ_ERROR "Bad Gateway"

AFAICT, the underlying error happens a bit earlier (probably at TLS 
layer), just before the "retval -28" line above. Official high-level 
Squid code that produced the above log lines does not detail those TLS 
errors. I do not know what went wrong between Squid and Apache.

Going forward, I see four options:

A) Examine origin logs. It is likely that Apache logs what is going 
wrong with that TLS session from httpd point of view.

B) (Privately) examine Squid ALL,9 logs. Squid OpenSSL integration code 
might log something relevant to this context.

C) Examine Squid-origin packet capture. If you supply TLS master keys to 
Wireshark or a similar tool, you may be able to see a relevant TLS alert 
in that TLS stream.

D) Find somebody to patch Squid source code to add more debugging info 
if (B) did not produce enough new/usable hints.

HTH,

Alex.

*From: *Ben Toms <ben@xxxxxxxxxxx>
*Date: *Saturday, 13 July 2024 at 13:04
*To: *Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
*Subject: *Re:  TCP_MISS_ABORTED/502

Well.. tried with cache-control headers added to the apache servers 
responses.. and still no luck (header response below).

Date: Sat, 13 Jul 2024 12:00:02 GMT

Server: Apache

Last-Modified: Thu, 20 Jun 2024 13:57:21 GMT

ETag: "152c-61b52b19bbd2a"

Accept-Ranges: bytes

Content-Length: 5420

Cache-Control: max-age=84600, public

Connection: close

I’ve tried a few other sites and the issue seems to be when attempting 
to cache an item which requires authentication. Which is bizarre, as the 
apache server is showing files are being downloaded.. yet squid-cache is 
still erroring with TCP_MISS_ABORTED/502.

Regards,

Ben.

*From: *Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
*Date: *Friday, 12 July 2024 at 22:54
*To: *Ben Toms <ben@xxxxxxxxxxx>
*Subject: *Re:  TCP_MISS_ABORTED/502

On 2024-07-12 14:31, Ben Toms wrote:

So this squid cache is the parent (which might speak to me 
misconfiguring squid).

It’s setup as an accelerator for the public server.

Ah, I see. Sorry I forgot or misinterpreted that part. Too many balls in
the air.

Right now, it sounds like origin sent 200 OK, but Squid could not even
parse that response header, which is rather unusual/rare. However, that
theory is based on your interpretation of ALL,2 logs, so there may be
more to the story here.

When I curl the public server direct, there are no cache control headers.

Understood. I suspect Squid will not cache such authenticated responses
by default (even after Squid starts to receive them), but I have not
checked all the relevant details.

Cheers,

Alex.

On Fri, 12 Jul 2024 at 19:15, Alex Rousskov  wrote:

     On 2024-07-12 13:38, Ben Toms wrote:

      > Where would I find those headers?

     If you have access to the parent Squid proxy, they will be in its
     debugging cache.log. You can also get them by capturing network packets
     between the parent Squid and origin, but for HTTPS traffic that
     requires
     giving Wireshark the associated master keys, which may be possible with
     Squid v6, but not trivial (see tls_key_log in Squid; Apache may have
     better support for this). Finally, one can configure Apache to log them
     (sorry, I do not remember the details).

     Again, the child Squid does not see these headers yet (AFAICT), so they
     are not the reason things do not currently "work" in your tests.

      > Looking at the origin servers apache logs.. it’s sending a 200
     response.

     I am aware. We need the headers that go with that 200 OK response. For
     example, if it has Cache-Control:public, then Squid may be able to
     cache
     it despite authentication.

     HTH,

     Alex.

      > On Fri, 12 Jul 2024 at 18:26, Alex Rousskov wrote:
      >
      >     On 2024-07-12 13:03, Ben Toms wrote:
      >
      >      > So the issue seems to be caching content that requires
     authentication
      >
      >     The client is getting an error response from Squid. That error is
      >     probably not related to caching decisions. I do not recommend
     focusing
      >     on caching at this stage of triage. I recommend addressing that
      >     error first.
      >
      >
      >      > The question here is, can squid cache items that require
      >     authentication
      >      > to access?
      >
      >     Yes, in some cases. To know whether your case qualifies, I
     asked for
      >     the
      >     response headers. That led to the discovery that there are
     none (from
      >     child Squid point of view). If you really want to investigate the
      >     caching angle in parallel with solving
     ERR_READ_ERROR/WITH_SERVER, then
      >     try to obtain HTTP response headers that the origin server
     responds (to
      >     the parent cache) with.
      >
      >
      >     HTH,
      >
      >     Alex.
      >
      >
      >      > *From: *Ben Toms <ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx>>
     <mailto:ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx>>>>
      >      > *Date: *Friday, 12 July 2024 at 17:56
      >      > *To: *Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx
     <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx 
<mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx>>
      >     <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx
     <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx 
<mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx>>>>,
      >      > squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
      >     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>
      >     <squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
      >     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>>
      >      > *Subject: *Re:  TCP_MISS_ABORTED/502
      >      >
      >      > So, with the below config:
      >      >
      >      > https_port 443 accel protocol=HTTPS
      >     tls-cert=/usr/local/squid/client.pem
      >      > tls-key=/usr/local/squid/client.key
      >      >
      >      > cache_peer public.server.fqdn parent 443 0 no-query
     originserver
      >      > no-digest no-netdb-exchange tls login=PASSTHRU name=myAccel
      >      > forceddomain=public.server.fqdn
      >      >
      >      > acl our_sites dstdomain local.server.fqdn
      >      >
      >      > http_access allow our_sites
      >      >
      >      > cache_peer_access myAccel allow our_sites
      >      >
      >      > cache_peer_access myAccel deny all
      >      >
      >      > cache_dir ufs /usr/local/squid/var/cache 100000 16 256
      >      >
      >      > cache_mem 500 MB
      >      >
      >      > maximum_object_size_in_memory 50000 KB
      >      >
      >      > refresh_pattern .               0       20%     4320
      >      >
      >      > debug_options 11,2
      >      >
      >      > I can see the below in /var/log/squid/cache.log
      >      >
      >      > ----------
      >      >
      >      > 2024/07/12 16:49:57.056 kid1| 11,2| http.cc(1263)
     readReply: conn12
      >      > local=client.ip:56670 remote=public.ip.of.public.server:443
      >      > FIRSTUP_PARENT FD 14 flags=1: read failure: (0) No error.
      >      >
      >      > 2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(273)
      >     sendStartOfMessage:
      >      > HTTP Client conn9 local=client.ip:443
      >     remote=local.server.ip:59158 FD 13
      >      > flags=1
      >      >
      >      > 2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(274)
      >     sendStartOfMessage:
      >      > HTTP Client REPLY:
      >      >
      >      > ---------
      >      >
      >      > HTTP/1.1 502 Bad Gateway
      >      >
      >      > Server: squid/6.6
      >      >
      >      > Mime-Version: 1.0
      >      >
      >      > Date: Fri, 12 Jul 2024 16:49:57 GMT
      >      >
      >      > Content-Type: text/html;charset=utf-8
      >      >
      >      > Content-Length: 3629
      >      >
      >      > X-Squid-Error: ERR_READ_ERROR 0
      >      >
      >      > Vary: Accept-Language
      >      >
      >      > Content-Language: en
      >      >
      >      > Cache-Status: local.server;detail=mismatch
      >      >
      >      > Via: 1.1 local.server (squid/6.6)
      >      >
      >      > Connection: keep-alive
      >      >
      >      > ----------
      >      >
      >      > The apache server still shows a 200 for the request:
      >      >
      >      > [12/Jul/2024:17:49:57 +0100] "GET /path/to/file HTTP/1.1" 200
      >     10465 "-"
      >      > "curl/8.7.1"
      >      >
      >      > And this is when testing via:
      >      >
      >      > curl -D - https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>
     <https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>>
      >     <https://local.server.fqdn/path/to/file
     <https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>>>
      >      > <https://local.server.fqdn/path/to/file
     <https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>>
      >     <https://local.server.fqdn/path/to/file
     <https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>>>> -H "Authorization: Basic
      >      > base64auth" -o /dev/null
      >      >
      >      > Regards,
      >      >
      >      > Ben.
      >      >
      >      > *From: *Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx
     <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx 
<mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx>>
      >     <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx
     <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx 
<mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx>>>>
      >      > *Date: *Friday, 12 July 2024 at 17:36
      >      > *To: *Ben Toms <ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx>>
     <mailto:ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx>>>>,
      > squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
      >     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>
      >      > <squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
      >     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>>
      >      > *Subject: *Re:  TCP_MISS_ABORTED/502
      >      >
      >      > On 2024-07-12 12:14, Ben Toms wrote:
      >      >
      >      >> Which log should those be found?
      >      >
      >      > cache.log (if they are present)
      >      >
      >      >
      >      >> Can’t see “HTTP Server RESPONSE” in the access.log or
     cache.log.
      >      >
      >      > Sigh. This is one of the reasons I avoid asking folks to
     study logs
      >      > themselves, even ALL,2 logs...
      >      >
      >      > If that line is not in cache.log, then child Squid
     probably did not
      >      > receive a response from parent Squid, or could not parse that
      >     response.
      >      > A full debugging log should give us more information.
      >      >
      >      > Alex.
      >      >
      >      >
      >      >> *From: *squid-users
     <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>>
      >     <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>>>> on
      >      >> behalf of Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx
     <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx 
<mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx>>
      >     <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx
     <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx 
<mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx>>>>
      >      >> *Date: *Friday, 12 July 2024 at 17:11
      >      >> *To: *squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
      >     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>
      >     <squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
      >     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>>
      >      >> *Subject: *Re:  TCP_MISS_ABORTED/502
      >      >>
      >      >> On 2024-07-12 11:38, Ben Toms wrote:
      >      >>> Think I made the changes Alex requested:
      >      >>>
      >      >>> 12/Jul/2024:15:36:31 +0000.640 local.server.ip
      >     TCP_MISS_ABORTED/502 3974
      >      >>> GET https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>
     <https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>>
      >     <https://local.server.fqdn/path/to/file
     <https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>>>
      >      > <https://local.server.fqdn/path/to/file
     <https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>>
      >     <https://local.server.fqdn/path/to/file
     <https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>>>>
      >      >> <https://local.server.fqdn/path/to/file
     <https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>>
      >     <https://local.server.fqdn/path/to/file
     <https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>>>
      >      > <https://local.server.fqdn/path/to/file
     <https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>>
      >     <https://local.server.fqdn/path/to/file
     <https://local.server.fqdn/path/to/file 
<https://local.server.fqdn/path/to/file>>>>> -
      >      >>> FIRSTUP_PARENT/public.ip.of.public.server text/html
      >      >>> ERR_READ_ERROR/WITH_SERVER
      >      >>
      >      >> Thank you for using Squid v6 for this test.
      >      >>
      >      >> Unfortunately, due to Squid logging bugs,
     ERR_READ_ERROR/WITH_SERVER
      >      >> does not always mean what it says. For example, parent Squid
      >     could have
      >      >> closed the child-parent connection prematurely, but there
     could
      >     be other
      >      >> reasons. A full debugging log should give us more
     information.
      >      >>
      >      >>
      >      >>> 2024/07/12 14:57:08.678 kid1| 11,2| Stream.cc(274)
      >     sendStartOfMessage:
      >      >>> HTTP Client REPLY:
      >      >>
      >      >> This is a child proxy response to the client. We need parent
      >     response to
      >      >> the child proxy. Look for "HTTP Server RESPONSE" lines
     instead.
      >      >>
      >      >>
      >      >> HTH,
      >      >>
      >      >> Alex.
      >      >>
      >      >>
      >      >>
      >      >>> ---------
      >      >>>
      >      >>> HTTP/1.1 502 Bad Gateway
      >      >>>
      >      >>> Server: squid/6.6
      >      >>>
      >      >>> Mime-Version: 1.0
      >      >>>
      >      >>> Date: Fri, 12 Jul 2024 14:57:08 GMT
      >      >>>
      >      >>> Content-Type: text/html;charset=utf-8
      >      >>>
      >      >>> Content-Length: 3629
      >      >>>
      >      >>> X-Squid-Error: ERR_READ_ERROR 0
      >      >>>
      >      >>> Vary: Accept-Language
      >      >>>
      >      >>> Content-Language: en
      >      >>>
      >      >>> Cache-Status: squid.host;detail=mismatch
      >      >>>
      >      >>> Via: 1.1 squid.host (squid/6.6)
      >      >>>
      >      >>> Connection: keep-alive
      >      >>>
      >      >>> ----------
      >      >>>
      >      >>> Regards,
      >      >>>
      >      >>> Ben.
      >      >>>
      >      >>> *From: *squid-users
     <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>>
      >     <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>>>> on
      >      >>> behalf of Amos Jeffries <squid3@xxxxxxxxxxxxx
     <mailto:squid3@xxxxxxxxxxxxx <mailto:squid3@xxxxxxxxxxxxx>>
      >     <mailto:squid3@xxxxxxxxxxxxx <mailto:squid3@xxxxxxxxxxxxx <mailto:squid3@xxxxxxxxxxxxx>>>>
      >      >>> *Date: *Friday, 12 July 2024 at 15:22
      >      >>> *To: *squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
      >     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>
      >     <squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
      >     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx 
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>>
      >      >>> *Subject: *Re:  TCP_MISS_ABORTED/502
      >      >>>
      >      >>>
      >      >>> On 13/07/24 01:52, Alex Rousskov wrote:
      >      >>>> On 2024-07-12 08:06, Ben Toms wrote:
      >      >>>>> Seems that my issue is similar to -
      >      >>>>>
      >
    https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>> <https://serverfault.com/questions/1104330/squid-cache-items-behi
nd-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>>>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>>>>>
      >      >>>>
      >      >>>> You are facing up to two problems:
      >      >>>>
      >      >>>> 1. Some authenticated responses are not cachable by Squid.
      >     Please share
      >      >>>> HTTP headers of the response in question.
      >      >>>>
      >      >>>
      >      >>> FYI, those can be obtained by configuring squid.conf with
      >      >>>
      >      >>>     debug_options 11,2
      >      >>>
      >      >>>
      >      >>> Cheers
      >      >>> Amos
      >      >>>
      >      >>>
      >      >>>> 2. TCP_MISS_ABORTED/502 errors may delete a being-cached
      >     response. These
      >      >>>> can be bogus errors (essentially Squid logging bugs) or
     real
      >     ones (e.g.,
      >      >>>> due to communication bugs, misconfiguration, or
     compatibility
      >     problems).
      >      >>>> I recommend adding %err_code/%err_detail to your
     logformat and
      >     sharing
      >      >>>> the corresponding access.log lines (obfuscated as needed).
      >      >>>>
      >      >>>> Sharing (privately if needed) a pointer to compressed ALL,9
      >     cache.log
      >      >>>> while reproducing the issue using a single transaction may
      >     help us
      >      >>>> resolve all the unknowns:
      >      >>>>
      >      >>>>
      >
    https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users