Re: [squid-users] TCP_MISS/504

On Wed, 3 Feb 2010 15:22:02 -0500, "Enrique" <enrique_at_banmet.cu> wrote:
> Hello all
> recentilly I installed squid on debian box and recive the followin error
> on
> certain web sites. for example yahoo page is show the version of movile
>
> 1265227900.962 10 192.168.157.100 TCP_MISS/504 1678 GET
> http://l.yimg.com/i/i/uk/metro/pill2.jpg - DIRECT/l.yimg.com text/html
> 1265227900.968 6 192.168.157.100 TCP_MISS/504 1674 GET
> http://l.yimg.com/i/i/es/hp/minir1.jpg - DIRECT/l.yimg.com text/html
> 1265227900.972 3 192.168.157.100 TCP_MISS/504 1678 GET
> http://l.yimg.com/i/i/uk/metro/pill1.jpg - DIRECT/l.yimg.com text/html
> 1265227901.026 9 192.168.157.100 TCP_MISS/504 1674 GET
> http://l.yimg.com/i/i/es/hp/besos3.jpg - DIRECT/l.yimg.com text/html
> 1265227901.028 1 192.168.157.100 TCP_MISS/504 1674 GET
> http://l.yimg.com/i/i/es/hp/maran1.jpg - DIRECT/l.yimg.com text/html
>

So the server at l.yimg.com apparently sent you a 504 error message. Or
squid encountered a timeout trying to connect to it and get a reply.

What did the message say?

 <snip>

> acl direccioneslocales dstdom_regex ^[192]+\.[168]+\.[157]+\.[0-9]+$
> acl direccioneslocales dstdom_regex ^[192]+\.[168]+\.[158]+\.[0-9]+$

Uhm... I suspect you want it to match the Ips in the network:
 192.168.158.0/24 right?

That regex matches a *lot* more:
 * 1.1.1.0/24
 * 1.1.5.0/24
 * 1.1.8.0/24
 * 1.1.11.0/24
 * 1.1.15.0/24
 * 1.1.18.0/24
 * 1.1.51.0/24
 * 1.1.55.0/24
 * 1.1.58.0/24
 * 1.1.81.0/24
 * 1.1.85.0/24
 * 1.1.88.0/24
 * 1.1.111.0/24
 * 1.1.115.0/24
 * 1.1.118.0/24
 * 1.1.151.0/24
 * 1.1.155.0/24
 * 1.1.158.0/24
 * 1.1.181.0/24
 * 1.1.185.0/24
 * 1.1.188.0/24
...

I think the pattern you are really wanting is this:
  ^192\.168\.157\.[0-9]+$

<snip>
> # DISK CACHE OPTIONS
> #
>
-----------------------------------------------------------------------------
> cache_replacement_policy lru
> cache_dir ufs /var/spool/squid/squid1 100 16 256
> cache_dir ufs /var/spool/squid/squid2 100 16 256

Hint: aufs

>
> store_dir_select_algorithm least-load
> max_open_disk_fds 0
> minimum_object_size 0 KB
> maximum_object_size 20480 KB
>

Up to 20MB individual objects in a few 100MB storage areas...

<snip>
> # negative_ttl 5 minutes

Please set this to 0 seconds.

<snip>
> visible_hostname proxy-centro-informativo
> unique_hostname proxy-centro-informativo

The visible name is ideally meant to be FQDN.
  visible_hostname proxy-centro-informativo.example.com

<snip>
>
> # SNMP OPTIONS
> #
>
-----------------------------------------------------------------------------
> snmp_port 3401
> snmp_access deny all
> snmp_incoming_address 0.0.0.0
> snmp_outgoing_address 255.255.255.255
>

Disabling the port is the way to go when you don't want any access at all:
 snmp_port 0

> # DNS OPTIONS
> #
>
-----------------------------------------------------------------------------
> check_hostnames on
> allow_underscore on

Really? it would be worth your time convincing the people on your network
not to use _ in domain names.
NOTE: its completely invalid to be using it on the public Internet anyway.

<snip>
> offline_mode on

Caching mode for internet disconnected servers turned on. Why?

<snip>
> acl extensiones rep_mime_type "/etc/squid/ext_slow"

A _mime_ ACL called "extensions" ??

What exactly is inside that file... file extensions? or mime types? pieces
of random text?

This operates on the replies, so it may be related to an error receiving
things...

Amos
Received on Wed Feb 03 2010 - 23:24:56 MST