[SQU] TCP_DENIED: squid ACLS intermittently reject all connections

From: Nate Cull <Culln@dont-contact.us>
Date: Wed, 29 Nov 2000 18:16:55 +1300

Running a virgin Red Hat 7.0 server as a Squid proxy box (squid-2.3STABLE4-1 rpm) with an ACL inclusion list (ie, it will only allow connections to a specified list of sites), we're getting an odd intermittent problem. At random times during the day (this seems to happen every couple of weeks), squid will suddenly fall into a state where it rejects EVERY http request sent to it (not just ones sent to unauthorised sites). We can see this in the logs; suddenly every line becomes a TCP_DENIED instead of a TCP_MISS or TCP_HIT.

Has anyone seen this behaviour before? I can't find it anywhere in the FAQ and I'm scratching my head wondering how to fix it. Our users are getting a little annoyed at the perceived flakiness of their proxy.

(Brief explanation: this box is being used for public access web browsers in a university library. Hence it doesn't do any authentication, but allows access only to a shortlist of approved course-related sites).

Yes, I know I could set up a cron script to test the proxy and restart it each time it starts blocking requests to approved sites - but there's got to be a better way, right?

Nate

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Tue Nov 28 2000 - 22:20:19 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:37 MST