Re: sibling clients get access denied for ftp objects

From: Marc van Selm <marc.van.selm@dont-contact.us>
Date: Mon, 06 Oct 1997 13:16:58 +0100

At 12:40 PM 10/6/97 +0200, Jan Torreele wrote:
>Hi all,
>
>I recently encountered the following problem: Sometimes, when a client
>from one of our siblings tries to fetch an (ftp) object, he gets the
>following error message (from our cache, that is proxy.belnet.be,
>running squid-1.1.15):
... deleted ...
>In the access.log I see a UDP_HIT (from the sibling) immediately followed
>by a TCP_DENIED (from the same sibling). When I try to access that object
>immediately after that, I get a TCP_HIT and the whole thing downloads.
>It seems to happen only with FTP transfers and is not limited to one
>specific sibling. Anyone knows what is going on?

Sounds like the proxy runs "icp_hit_stale on" and a FTP-file which is stale
is accessed. We had similar problems (we run icp_hit_stale on) and found
that if we don't give our siblings miss-access FTP's can create these kind
of errors.

There are two fixes (as far as I can see):

1) give siblings miss-access (not preferred)
2) change the source so it only gives back a stale-hit for HTTP. (Does it
make sense to keep stale files if squid needs to do a "IMS" because the
ftp-server doesn't support IMS)

In icp.c:

    static int
    icpCheckUdpHit(StoreEntry * e, request_t * request)
    {unsigned int a;
        if (e == NULL)
            return 0;
        if (!storeEntryValidToSend(e))
            return 0;
Old--> if (Config.Options.icp_hit_stale)
 
        /* only icp_hit_stale for http */
New--> if (Config.Options.icp_hit_stale && request->protocol== PROTO_HTTP)

            return 1;
        if (refreshCheck(e, request, 30))
            return 0;
        return 1;
    }

>--
>Jan Torreele E-mail: Jan.Torreele@belnet.be
>BELNET Service Support Team Tel.: +32 (0) 2 / 238 34 70

Something for in the source? Together with a restriction to specific hosts?

Marc
---------------------------------------------------------------------
Marc van Selm
NATO C3 Agency
Communication Systems Division, A-Branch
E-Mail: marc.van.selm@nc3a.nato.int
---------------------------------------------------------------------
Private: selm@cistron.nl, selm@het.net, http://www.cistron.nl/~selm
Received on Mon Oct 06 1997 - 04:18:48 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:37:15 MST