Thanks, Alex.
Nothing jumps out in the logs when set to ALL, 9.. redacted snippet below:
2024/07/16 09:13:18.072 kid1| 11,5| http.cc(1181) readReply: conn12 local=squid.cache.ip:57824 remote=origin.server.ip:443 FIRSTUP_PARENT
FD 14 flags=1
2024/07/16 09:13:18.072 kid1| 11,7| http.cc(1674) canBufferMoreReplyBytes: yes, may read up to 65536 into 0/23
2024/07/16 09:13:18.072 kid1| 24,8| SBuf.cc(880) cow: SBuf5269 new size:65536
2024/07/16 09:13:18.072 kid1| 24,8| SBuf.cc(847) reAlloc: SBuf5269 new size: 65536
2024/07/16 09:13:18.072 kid1| 24,9| MemBlob.cc(54) MemBlob: constructed, this=0x568b12912270 id=blob1461 reserveSize=65536
2024/07/16 09:13:18.073 kid1| 24,8| MemBlob.cc(99) memAlloc: blob1461 memAlloc: requested=65536, received=65536
2024/07/16 09:13:18.073 kid1| 24,7| SBuf.cc(859) reAlloc: SBuf5269 new store capacity: 65536
2024/07/16 09:13:18.073 kid1| 11,7| http.cc(1694) maybeMakeSpaceAvailable: may read up to 65536 bytes info buffer (0/65536) from conn12
local=squid.cache.ip:57824 remote=origin.server.ip:443 FIRSTUP_PARENT FD 14 flags=1
2024/07/16 09:13:18.073 kid1| 45,9| cbdata.cc(228) cbdataInternalLock: 0x568b1291d588=9
2024/07/16 09:13:18.073 kid1| 24,7| SBuf.cc(160) rawSpace: reserving 65536 for SBuf5269
2024/07/16 09:13:18.073 kid1| 24,7| SBuf.cc(167) rawSpace: SBuf5269 not growing
2024/07/16 09:13:18.073 kid1| 24,8| SBuf.cc(139) rawAppendStart: SBuf5269 start appending up to 65536 bytes
2024/07/16 09:13:18.073 kid1| 83,3| Session.cc(36) tls_read_method: started for session=0x568b1290d5e0
2024/07/16 09:13:18.073 kid1| 5,3| Read.cc(93) ReadNow: conn12 local=squid.cache.ip:57824 remote=origin.server.ip:443 FIRSTUP_PARENT
FD 14 flags=1, size 65536, retval -28, errno 0
2024/07/16 09:13:18.073 kid1| 5,3| Read.cc(107) ReadNow: conn12 local=squid.cache.ip:57824 remote=origin.server.ip:443 FIRSTUP_PARENT
FD 14 flags=1 Comm::COMM_ERROR: (0) No error.
2024/07/16 09:13:18.073 kid1| 11,2| http.cc(1263) readReply: conn12 local=squid.cache.ip:57824 remote=origin.server.ip:443 FIRSTUP_PARENT
FD 14 flags=1: read failure: (0) No error.
2024/07/16 09:13:18.073 kid1| 45,9| cbdata.cc(168) cbdataInternalAlloc: Allocating 0x568b1291cc18
2024/07/16 09:13:18.073 kid1| 24,8| SBuf.cc(30) SBuf: SBuf5291 created
2024/07/16 09:13:18.073 kid1| 17,3| FwdState.cc(471) fail: ERR_READ_ERROR "Bad Gateway"
https://origin.server.fqdn/path/to/file
As we’re sadly not progressing.. I think we’ll pivot to building our own thing to more closely match our requirements.
Thanks to yourself and Amos for responding.
Regards,
Ben.
From:
squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on behalf of Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Monday, 15 July 2024 at 19:38
To: squid-users@xxxxxxxxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: TCP_MISS_ABORTED/502
On 2024-07-13 16:02, Ben Toms wrote:
> with debug_options ALL,4 set.. the cache.log shows:
> 2024/07/13 18:55:03.595 kid1| 5,3| Read.cc(93) ReadNow: conn17
> local=squid.cache.ip:37046 remote=origin.server.ip:443 FIRSTUP_PARENT FD
> 14 flags=1, size 65536, retval -28, errno 0
> 2024/07/13 18:55:03.595 kid1| 17,3| FwdState.cc(471) fail:
> ERR_READ_ERROR "Bad Gateway"
> Still need to dig in more.. but the true error seems to be:
> ERR_READ_ERROR "Bad Gateway"
AFAICT, the underlying error happens a bit earlier (probably at TLS
layer), just before the "retval -28" line above. Official high-level
Squid code that produced the above log lines does not detail those TLS
errors. I do not know what went wrong between Squid and Apache.
Going forward, I see four options:
A) Examine origin logs. It is likely that Apache logs what is going
wrong with that TLS session from httpd point of view.
B) (Privately) examine Squid ALL,9 logs. Squid OpenSSL integration code
might log something relevant to this context.
C) Examine Squid-origin packet capture. If you supply TLS master keys to
Wireshark or a similar tool, you may be able to see a relevant TLS alert
in that TLS stream.
D) Find somebody to patch Squid source code to add more debugging info
if (B) did not produce enough new/usable hints.
HTH,
Alex.
> *From: *Ben Toms <ben@xxxxxxxxxxx>
> *Date: *Saturday, 13 July 2024 at 13:04
> *To: *Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
> *Subject: *Re: TCP_MISS_ABORTED/502
>
> Well.. tried with cache-control headers added to the apache servers
> responses.. and still no luck (header response below).
>
> Date: Sat, 13 Jul 2024 12:00:02 GMT
>
> Server: Apache
>
> Last-Modified: Thu, 20 Jun 2024 13:57:21 GMT
>
> ETag: "152c-61b52b19bbd2a"
>
> Accept-Ranges: bytes
>
> Content-Length: 5420
>
> Cache-Control: max-age=84600, public
>
> Connection: close
>
> I’ve tried a few other sites and the issue seems to be when attempting
> to cache an item which requires authentication. Which is bizarre, as the
> apache server is showing files are being downloaded.. yet squid-cache is
> still erroring with TCP_MISS_ABORTED/502.
>
> Regards,
>
> Ben.
>
> *From: *Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
> *Date: *Friday, 12 July 2024 at 22:54
> *To: *Ben Toms <ben@xxxxxxxxxxx>
> *Subject: *Re: TCP_MISS_ABORTED/502
>
> On 2024-07-12 14:31, Ben Toms wrote:
>
>> So this squid cache is the parent (which might speak to me
>> misconfiguring squid).
>>
>> It’s setup as an accelerator for the public server.
>
> Ah, I see. Sorry I forgot or misinterpreted that part. Too many balls in
> the air.
>
> Right now, it sounds like origin sent 200 OK, but Squid could not even
> parse that response header, which is rather unusual/rare. However, that
> theory is based on your interpretation of ALL,2 logs, so there may be
> more to the story here.
>
>
>> When I curl the public server direct, there are no cache control headers.
>
> Understood. I suspect Squid will not cache such authenticated responses
> by default (even after Squid starts to receive them), but I have not
> checked all the relevant details.
>
>
> Cheers,
>
> Alex.
>
>
>> On Fri, 12 Jul 2024 at 19:15, Alex Rousskov wrote:
>>
>> On 2024-07-12 13:38, Ben Toms wrote:
>>
>> > Where would I find those headers?
>>
>> If you have access to the parent Squid proxy, they will be in its
>> debugging cache.log. You can also get them by capturing network packets
>> between the parent Squid and origin, but for HTTPS traffic that
>> requires
>> giving Wireshark the associated master keys, which may be possible with
>> Squid v6, but not trivial (see tls_key_log in Squid; Apache may have
>> better support for this). Finally, one can configure Apache to log them
>> (sorry, I do not remember the details).
>>
>> Again, the child Squid does not see these headers yet (AFAICT), so they
>> are not the reason things do not currently "work" in your tests.
>>
>>
>> > Looking at the origin servers apache logs.. it’s sending a 200
>> response.
>>
>> I am aware. We need the headers that go with that 200 OK response. For
>> example, if it has Cache-Control:public, then Squid may be able to
>> cache
>> it despite authentication.
>>
>>
>> HTH,
>>
>> Alex.
>>
>>
>> > On Fri, 12 Jul 2024 at 18:26, Alex Rousskov wrote:
>> >
>> > On 2024-07-12 13:03, Ben Toms wrote:
>> >
>> > > So the issue seems to be caching content that requires
>> authentication
>> >
>> > The client is getting an error response from Squid. That error is
>> > probably not related to caching decisions. I do not recommend
>> focusing
>> > on caching at this stage of triage. I recommend addressing that
>> > error first.
>> >
>> >
>> > > The question here is, can squid cache items that require
>> > authentication
>> > > to access?
>> >
>> > Yes, in some cases. To know whether your case qualifies, I
>> asked for
>> > the
>> > response headers. That led to the discovery that there are
>> none (from
>> > child Squid point of view). If you really want to investigate the
>> > caching angle in parallel with solving
>> ERR_READ_ERROR/WITH_SERVER, then
>> > try to obtain HTTP response headers that the origin server
>> responds (to
>> > the parent cache) with.
>> >
>> >
>> > HTH,
>> >
>> > Alex.
>> >
>> >
>> > > *From: *Ben Toms <ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx>>
>> <mailto:ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx>>>>
>> > > *Date: *Friday, 12 July 2024 at 17:56
>> > > *To: *Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx
>> <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx>>
>> > <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx
>> <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx>>>>,
>> > > squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
>> > <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>
>> > <squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
>> > <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>>
>> > > *Subject: *Re: TCP_MISS_ABORTED/502
>> > >
>> > > So, with the below config:
>> > >
>> > > https_port 443 accel protocol=HTTPS
>> > tls-cert=/usr/local/squid/client.pem
>> > > tls-key=/usr/local/squid/client.key
>> > >
>> > > cache_peer public.server.fqdn parent 443 0 no-query
>> originserver
>> > > no-digest no-netdb-exchange tls login=PASSTHRU name=myAccel
>> > > forceddomain=public.server.fqdn
>> > >
>> > > acl our_sites dstdomain local.server.fqdn
>> > >
>> > > http_access allow our_sites
>> > >
>> > > cache_peer_access myAccel allow our_sites
>> > >
>> > > cache_peer_access myAccel deny all
>> > >
>> > > cache_dir ufs /usr/local/squid/var/cache 100000 16 256
>> > >
>> > > cache_mem 500 MB
>> > >
>> > > maximum_object_size_in_memory 50000 KB
>> > >
>> > > refresh_pattern . 0 20% 4320
>> > >
>> > > debug_options 11,2
>> > >
>> > > I can see the below in /var/log/squid/cache.log
>> > >
>> > > ----------
>> > >
>> > > 2024/07/12 16:49:57.056 kid1| 11,2| http.cc(1263)
>> readReply: conn12
>> > > local=client.ip:56670 remote=public.ip.of.public.server:443
>> > > FIRSTUP_PARENT FD 14 flags=1: read failure: (0) No error.
>> > >
>> > > 2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(273)
>> > sendStartOfMessage:
>> > > HTTP Client conn9 local=client.ip:443
>> > remote=local.server.ip:59158 FD 13
>> > > flags=1
>> > >
>> > > 2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(274)
>> > sendStartOfMessage:
>> > > HTTP Client REPLY:
>> > >
>> > > ---------
>> > >
>> > > HTTP/1.1 502 Bad Gateway
>> > >
>> > > Server: squid/6.6
>> > >
>> > > Mime-Version: 1.0
>> > >
>> > > Date: Fri, 12 Jul 2024 16:49:57 GMT
>> > >
>> > > Content-Type: text/html;charset=utf-8
>> > >
>> > > Content-Length: 3629
>> > >
>> > > X-Squid-Error: ERR_READ_ERROR 0
>> > >
>> > > Vary: Accept-Language
>> > >
>> > > Content-Language: en
>> > >
>> > > Cache-Status: local.server;detail=mismatch
>> > >
>> > > Via: 1.1 local.server (squid/6.6)
>> > >
>> > > Connection: keep-alive
>> > >
>> > > ----------
>> > >
>> > > The apache server still shows a 200 for the request:
>> > >
>> > > [12/Jul/2024:17:49:57 +0100] "GET /path/to/file HTTP/1.1" 200
>> > 10465 "-"
>> > > "curl/8.7.1"
>> > >
>> > > And this is when testing via:
>> > >
>> > > curl -D - https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>
>> <https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>>
>> > <https://local.server.fqdn/path/to/file
>> <https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>>>
>> > > <https://local.server.fqdn/path/to/file
>> <https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>>
>> > <https://local.server.fqdn/path/to/file
>> <https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>>>> -H "Authorization: Basic
>> > > base64auth" -o /dev/null
>> > >
>> > > Regards,
>> > >
>> > > Ben.
>> > >
>> > > *From: *Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx
>> <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx>>
>> > <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx
>> <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx>>>>
>> > > *Date: *Friday, 12 July 2024 at 17:36
>> > > *To: *Ben Toms <ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx>>
>> <mailto:ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx <mailto:ben@xxxxxxxxxxx>>>>,
>> > squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
>> > <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>
>> > > <squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
>> > <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>>
>> > > *Subject: *Re: TCP_MISS_ABORTED/502
>> > >
>> > > On 2024-07-12 12:14, Ben Toms wrote:
>> > >
>> > >> Which log should those be found?
>> > >
>> > > cache.log (if they are present)
>> > >
>> > >
>> > >> Can’t see “HTTP Server RESPONSE” in the access.log or
>> cache.log.
>> > >
>> > > Sigh. This is one of the reasons I avoid asking folks to
>> study logs
>> > > themselves, even ALL,2 logs...
>> > >
>> > > If that line is not in cache.log, then child Squid
>> probably did not
>> > > receive a response from parent Squid, or could not parse that
>> > response.
>> > > A full debugging log should give us more information.
>> > >
>> > > Alex.
>> > >
>> > >
>> > >> *From: *squid-users
>> <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>>
>> > <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>>>> on
>> > >> behalf of Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx
>> <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx>>
>> > <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx
>> <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx
> <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx>>>>
>> > >> *Date: *Friday, 12 July 2024 at 17:11
>> > >> *To: *squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
>> > <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>
>> > <squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
>> > <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>>
>> > >> *Subject: *Re: TCP_MISS_ABORTED/502
>> > >>
>> > >> On 2024-07-12 11:38, Ben Toms wrote:
>> > >>> Think I made the changes Alex requested:
>> > >>>
>> > >>> 12/Jul/2024:15:36:31 +0000.640 local.server.ip
>> > TCP_MISS_ABORTED/502 3974
>> > >>> GET https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>
>> <https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>>
>> > <https://local.server.fqdn/path/to/file
>> <https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>>>
>> > > <https://local.server.fqdn/path/to/file
>> <https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>>
>> > <https://local.server.fqdn/path/to/file
>> <https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>>>>
>> > >> <https://local.server.fqdn/path/to/file
>> <https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>>
>> > <https://local.server.fqdn/path/to/file
>> <https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>>>
>> > > <https://local.server.fqdn/path/to/file
>> <https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>>
>> > <https://local.server.fqdn/path/to/file
>> <https://local.server.fqdn/path/to/file
> <https://local.server.fqdn/path/to/file>>>>> -
>> > >>> FIRSTUP_PARENT/public.ip.of.public.server text/html
>> > >>> ERR_READ_ERROR/WITH_SERVER
>> > >>
>> > >> Thank you for using Squid v6 for this test.
>> > >>
>> > >> Unfortunately, due to Squid logging bugs,
>> ERR_READ_ERROR/WITH_SERVER
>> > >> does not always mean what it says. For example, parent Squid
>> > could have
>> > >> closed the child-parent connection prematurely, but there
>> could
>> > be other
>> > >> reasons. A full debugging log should give us more
>> information.
>> > >>
>> > >>
>> > >>> 2024/07/12 14:57:08.678 kid1| 11,2| Stream.cc(274)
>> > sendStartOfMessage:
>> > >>> HTTP Client REPLY:
>> > >>
>> > >> This is a child proxy response to the client. We need parent
>> > response to
>> > >> the child proxy. Look for "HTTP Server RESPONSE" lines
>> instead.
>> > >>
>> > >>
>> > >> HTH,
>> > >>
>> > >> Alex.
>> > >>
>> > >>
>> > >>
>> > >>> ---------
>> > >>>
>> > >>> HTTP/1.1 502 Bad Gateway
>> > >>>
>> > >>> Server: squid/6.6
>> > >>>
>> > >>> Mime-Version: 1.0
>> > >>>
>> > >>> Date: Fri, 12 Jul 2024 14:57:08 GMT
>> > >>>
>> > >>> Content-Type: text/html;charset=utf-8
>> > >>>
>> > >>> Content-Length: 3629
>> > >>>
>> > >>> X-Squid-Error: ERR_READ_ERROR 0
>> > >>>
>> > >>> Vary: Accept-Language
>> > >>>
>> > >>> Content-Language: en
>> > >>>
>> > >>> Cache-Status: squid.host;detail=mismatch
>> > >>>
>> > >>> Via: 1.1 squid.host (squid/6.6)
>> > >>>
>> > >>> Connection: keep-alive
>> > >>>
>> > >>> ----------
>> > >>>
>> > >>> Regards,
>> > >>>
>> > >>> Ben.
>> > >>>
>> > >>> *From: *squid-users
>> <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>>
>> > <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>>>> on
>> > >>> behalf of Amos Jeffries <squid3@xxxxxxxxxxxxx
>> <mailto:squid3@xxxxxxxxxxxxx <mailto:squid3@xxxxxxxxxxxxx>>
>> > <mailto:squid3@xxxxxxxxxxxxx <mailto:squid3@xxxxxxxxxxxxx <mailto:squid3@xxxxxxxxxxxxx>>>>
>> > >>> *Date: *Friday, 12 July 2024 at 15:22
>> > >>> *To: *squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
>> > <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>
>> > <squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>
>> > <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx
> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>>>>
>> > >>> *Subject: *Re: TCP_MISS_ABORTED/502
>> > >>>
>> > >>>
>> > >>> On 13/07/24 01:52, Alex Rousskov wrote:
>> > >>>> On 2024-07-12 08:06, Ben Toms wrote:
>> > >>>>> Seems that my issue is similar to -
>> > >>>>>
>> >
>>
https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>>>>>>
>> > >>>>
>> > >>>> You are facing up to two problems:
>> > >>>>
>> > >>>> 1. Some authenticated responses are not cachable by Squid.
>> > Please share
>> > >>>> HTTP headers of the response in question.
>> > >>>>
>> > >>>
>> > >>> FYI, those can be obtained by configuring squid.conf with
>> > >>>
>> > >>> debug_options 11,2
>> > >>>
>> > >>>
>> > >>> Cheers
>> > >>> Amos
>> > >>>
>> > >>>
>> > >>>> 2. TCP_MISS_ABORTED/502 errors may delete a being-cached
>> > response. These
>> > >>>> can be bogus errors (essentially Squid logging bugs) or
>> real
>> > ones (e.g.,
>> > >>>> due to communication bugs, misconfiguration, or
>> compatibility
>> > problems).
>> > >>>> I recommend adding %err_code/%err_detail to your
>> logformat and
>> > sharing
>> > >>>> the corresponding access.log lines (obfuscated as needed).
>> > >>>>
>> > >>>> Sharing (privately if needed) a pointer to compressed ALL,9
>> > cache.log
>> > >>>> while reproducing the issue using a single transaction may
>> > help us
>> > >>>> resolve all the unknowns:
>> > >>>>
>> > >>>>
>> >
>>
https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
|