Re: [squid-users] error, logs say TCP_DENIED from Amos Jeffries on 2010-02-22 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 23 Feb 2010 09:06:29 +1300

Kees Hink wrote:
> I'd like to make squid pass requests to pound, but i'm getting an error: "The
> requested URL could not be retrieved" (http://pastebin.org/95395). The squid
> access log says ""1266857413.088 0 127.0.0.1 TCP_DENIED/400 2212 GET
> NONE:// - NONE/- text/html
>
> My squid config is the default /etc/squid/squid.conf (Squid 2.7, installed as
> Ubuntu package), with just one extension:
> cache_peer 127.0.0.1 parent 28085 0 no-query originserver name=pound_viva
> cache_peer_domain pound_viva .localviva.nl
> (http://pastebin.org/95397)
>
> The localviva.nl domain is faked in my /etc/hosts. Apache has a VirtualHost for
> it, which redirects to squid at port 3128. A pound server is listening on
> localhost:28085. I can reach pound directly through http, but squid fails to
> relay to it.

This appears to be a backward topology. One of the main points of using
Squid is that it relieves load pressure on heavy complicated systems
like Apache.

I configure squid as the front end with most sites going to apache via
cache_peer, and the ones that need non-apache services cache_peer'd to
those services directly.

>
> I read http://wiki.squid-cache.org/SquidFaq/TroubleShooting, but found nothing
> on "TCP_DENIED" or "The requested URL could not be retrieved".
>
> I must be missing something really basic here, like a permission setting. Could
> someone please help me out?
>

Apache is mangling the URLs as they go through. Your Squid server does
not know what to do with the garbage:
http://localhost:3128/VirtualHostBase/http/localviva.nl:80/vivalafocus/VirtualHostRoot/

Please read through these pages and reconsider the way you have Squid
and Apache linked together:
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting
http://wiki.squid-cache.org/SquidFaq/ReverseProxy#Running_the_web_server_on_the_same_server

If you have any reasons why you have them linked together in the current
way, bring them up so we can advise on what else you may need to configure.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
   Current Beta Squid 3.1.0.16

Received on Mon Feb 22 2010 - 20:06:36 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 23 2010 - 12:00:06 MST