Hello, My current goal is to set up a caching instance for https static content with squid 6.12. ssl-bump is set up according to https://wiki.squid-cache.org/Features/SslBump and it works fine, at least from the clients' perspectives and without any noticeable issues (e.g. with Firefox or Safari). Sometimes (~5-8% of the total requests) I can even get a few cache hits - including those juicy TCP_MEM_HIT/200s. What has been bothering me though is the impressive amount of client request errors being logged: # a few seconds after an instance restart openvpn-client2:/$ squidclient cache_object://localhost/counters | grep client_http.errors client_http.errors = 8 openvpn-client2:/$ squidclient cache_object://localhost/counters | grep client_http.errors client_http.errors = 20 In the access_log, it is possible to see many NONE_NONE/200 being logged for **almost every https request**. The amount of logged NONE_NONE/200 seem to vary according to the target website: github.com:443 throws 6-7 errors, while the lists.squid-cache.org throws only one. As mentioned, everything seems to be fine for the clients (my grafana dashboard disagrees). Switching, for example, the config from: acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump bump all to ssl_bump peek all ssl_bump slice all makes the NONE_NONE/200 disappear from the logs altogether, but that does not meet the initial caching objective. What do these NONE_NONE/200 mean exactly? How to identify their underlying cause and reduce the total amount of logged errors? Side question: are there any plans to move from this email-based list to GitHub issues in your repository (https://github.com/squid-cache/squid)? Thanks and regards, Rod --- squid.conf: cache_effective_user squid cache_effective_group users pid_filename /var/run/squid/squid.pid acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN) acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN) acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN) acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN) acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN) acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl snmppublic snmp_community public snmp_port 3401 snmp_access allow snmppublic all http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access allow localnet manager http_access deny manager http_access allow localnet http_access allow localhost http_access deny all # begin ssl-bump http_port 3128 \ ssl-bump \ cert=/etc/squid/ssl_cert/myCA.pem \ generate-host-certificates=on \ dynamic_cert_mem_cache_size=40MB acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump bump all sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 40MB sslcrtd_children 5 # end ssl-bump cache allow all cache_dir aufs /cache 51200 16 256 cache_mem 2 GB maximum_object_size_in_memory 512 MB maximum_object_size 6 GB cache_swap_low 80 cache_swap_high 95 coredump_dir /cache acl hasRequest has request acl hasResponse has response acl cachemgr1 url_regex ^cache_object:// logformat xsquid %tl %6tr %>a %Ss/%03>Hs %err_code/%err_detail %<st %rm %ru %un %Sh/%<A %mt access_log daemon:/var/log/squid/access.log logformat=xsquid hasRequest !cachemgr1 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern .jpg 120 50% 86400 override-lastmod override-expire ignore-reload ignore-no-store ignore-private store-stale # just to artificially force some hits refresh_pattern . 3600 80% 14400 range_offset_limit none forwarded_for on access_log: 14/Dec/2024:15:28:14 +0000 122 192.168.1.125 NONE_NONE/200 -/- 0 CONNECT 4chan.org:443 - HIER_DIRECT/4chan.org - 14/Dec/2024:15:28:14 +0000 239 192.168.1.125 TCP_MISS/200 -/- 4876 GET https://4chan.org/ - HIER_DIRECT/4chan.org text/html 14/Dec/2024:15:28:14 +0000 145 192.168.1.125 NONE_NONE/200 -/- 0 CONNECT i.4cdn.org:443 - HIER_DIRECT/i.4cdn.org - 14/Dec/2024:15:28:14 +0000 145 192.168.1.125 NONE_NONE/200 -/- 0 CONNECT i.4cdn.org:443 - HIER_DIRECT/i.4cdn.org - 14/Dec/2024:15:28:14 +0000 145 192.168.1.125 NONE_NONE/200 -/- 0 CONNECT i.4cdn.org:443 - HIER_DIRECT/i.4cdn.org - 14/Dec/2024:15:28:14 +0000 144 192.168.1.125 NONE_NONE/200 -/- 0 CONNECT i.4cdn.org:443 - HIER_DIRECT/i.4cdn.org - 14/Dec/2024:15:28:14 +0000 147 192.168.1.125 NONE_NONE/200 -/- 0 CONNECT i.4cdn.org:443 - HIER_DIRECT/i.4cdn.org - 14/Dec/2024:15:28:14 +0000 153 192.168.1.125 NONE_NONE/200 -/- 0 CONNECT i.4cdn.org:443 - HIER_DIRECT/i.4cdn.org - 14/Dec/2024:15:28:14 +0000 60 192.168.1.125 TCP_MISS/200 -/- 9636 GET https://i.4cdn.org/sp/1734116081466614s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:14 +0000 65 192.168.1.125 TCP_MISS/200 -/- 4521 GET https://i.4cdn.org/a/1734088830105726s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:14 +0000 64 192.168.1.125 TCP_MISS/200 -/- 7356 GET https://i.4cdn.org/v/1734174698931944s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:14 +0000 66 192.168.1.125 TCP_MISS/200 -/- 12559 GET https://i.4cdn.org/vr/1734154519311392s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:14 +0000 67 192.168.1.125 TCP_MISS/200 -/- 4810 GET https://i.4cdn.org/vg/1734151107375798s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:14 +0000 77 192.168.1.125 TCP_MISS/200 -/- 5194 GET https://i.4cdn.org/int/1734146907548086s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:14 +0000 74 192.168.1.125 TCP_MISS/200 -/- 8464 GET https://i.4cdn.org/fit/1734081397035134s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:14 +0000 75 192.168.1.125 TCP_MISS/200 -/- 7634 GET https://i.4cdn.org/co/1734014992706889s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:17 +0000 105 192.168.1.125 NONE_NONE/200 -/- 0 CONNECT boards.4chan.org:443 - HIER_DIRECT/boards.4chan.org - 14/Dec/2024:15:28:17 +0000 117 192.168.1.125 TCP_REFRESH_MODIFIED/200 -/- 21264 GET https://boards.4chan.org/hr/ - HIER_DIRECT/boards.4chan.org text/html 14/Dec/2024:15:28:17 +0000 104 192.168.1.125 NONE_NONE/200 -/- 0 CONNECT s.4cdn.org:443 - HIER_DIRECT/s.4cdn.org - 14/Dec/2024:15:28:17 +0000 66 192.168.1.125 TCP_MISS/200 -/- 7329 GET https://s.4cdn.org/image/contest_banners/4da91e15078cd0b401a3df182447d7f6ef53a041.png - HIER_DIRECT/s.4cdn.org image/png 14/Dec/2024:15:28:17 +0000 64 192.168.1.125 TCP_MISS/200 -/- 2195 GET https://i.4cdn.org/hr/1734185018492644s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:17 +0000 64 192.168.1.125 TCP_MISS/200 -/- 2488 GET https://i.4cdn.org/hr/1734184210267895s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:17 +0000 67 192.168.1.125 TCP_MISS/200 -/- 2743 GET https://i.4cdn.org/hr/1734129280051325s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:17 +0000 70 192.168.1.125 TCP_MISS/200 -/- 9838 GET https://i.4cdn.org/hr/1729975559696842s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:17 +0000 68 192.168.1.125 TCP_MISS/200 -/- 8271 GET https://s.4cdn.org/image/title/1.jpg - HIER_DIRECT/s.4cdn.org image/jpeg 14/Dec/2024:15:28:17 +0000 76 192.168.1.125 TCP_MISS/200 -/- 2586 GET https://i.4cdn.org/hr/1734190031181606s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:17 +0000 98 192.168.1.125 TCP_MISS/200 -/- 8941 GET https://i.4cdn.org/hr/1732533823407555s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:17 +0000 65 192.168.1.125 TCP_MISS/200 -/- 6828 GET https://i.4cdn.org/hr/1729098446168049s.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:21 +0000 63 192.168.1.125 TCP_MISS/200 -/- 587 HEAD https://i.4cdn.org/hr/1732533823407555.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:21 +0000 269 192.168.1.125 TCP_MISS/200 -/- 757840 GET https://i.4cdn.org/hr/1732533823407555.jpg - HIER_DIRECT/i.4cdn.org image/jpeg 14/Dec/2024:15:28:25 +0000 4 192.168.1.125 TCP_MEM_HIT/200 -/- 757841 GET https://i.4cdn.org/hr/1732533823407555.jpg - HIER_NONE/- image/jpeg _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
