Re: [squid-users] Error 503, only when passing through squid

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 5 Mar 2009 12:37:56 +1300 (NZDT)

> Hi all,
>
> I am a newbie to squid. And I have struggled with its configuration file
> for several days, until I
> got all the desired acl's correctly set.
> Then I tried my configuration using wget and... 503.
> I fell back to a minimal totally open configuration:
> ----------------------
> http_port 3128
> emulate_httpd_log on
> debug_options ALL,5
> negative_ttl 0
>

Try these:

> acl all src 0.0.0.0/0.0.0.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80 20 21 443 563 70 210 1025-65535
> acl CONNECT method CONNECT
> acl mysite src localhost 192.168.0.0/30 172.16.112.0/24
>

http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
http_access allow mysite
http_access deny all

> http_reply_access allow all

Drop these:

> acl allsites dst 0.0.0.0/0.0.0.0
> http_access allow CONNECT
> http_access allow Safe_ports
> http_access allow all
> http_access allow allsites
>

> coredump_dir /var/spool/squid
> ----------------------
>
> But still, I get:
> ----------------------
> # wget -O - http://www.google.fr/ > /dev/null
> --22:29:34-- http://www.google.fr/
> Resolving www.google.fr... 74.125.39.147, 74.125.39.99, 74.125.39.103, ...
> Connecting to www.google.fr|74.125.39.147|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: unspecified [text/html]
> Saving to: `STDOUT'
>
> [ <=> ]
> 5,852 --.-K/s in 0.02s
>
> 22:29:35 (266 KB/s) - `-' saved [5852]
>
> ######## everything is OK so far
>
> # http_proxy=http://localhost:3128 wget -O - http://www.google.fr/ >
> /dev/null
> --22:30:31-- http://www.google.fr/
> Resolving localhost... 127.0.0.1
> Connecting to localhost|127.0.0.1|:3128... connected.
> Proxy request sent, awaiting response... 503 Service Unavailable
> 22:30:31 ERROR 503: Service Unavailable.
> ----------------------
>
> Obviously, it is bound to squid. I run CentOS on x86_64 architecture. I do
> not join the log files
> here, because I found them not very helpful, only logging that there was
> an 503, without giving more
> information about it.
> I really do not know what to try now, and any clue would be very welcome
> and helpful.

About half the clues you have access to right now are held in the text of
the error page returned. Send it to a file instead of /dev/null and check
what the file says about the error.

Also I think you want to use :
 export http_proxy="http://localhost:3128/" ;
 wget ....

There are weirdnesses sometimes when the final '/' is missing.

Amos
Received on Wed Mar 04 2009 - 23:39:22 MST

This archive was generated by hypermail 2.2.0 : Thu Mar 05 2009 - 12:00:02 MST