[squid-users] Squid gives 503 Service Unavailable for a known working service

From: J5K <junk5_at_klunky.co.uk>
Date: Tue, 24 Aug 2010 17:08:44 +0200

Sent once more because I never received a copy back from the mailing
list, which is unusual.
j.

-------- Original Message --------
Subject: Squid gives 503 Service Unavailable for a known working service
Date: Tue, 24 Aug 2010 14:44:10 +0200
From: J5K <junk5_at_klunky.co.uk>
Reply-To: junk5_at_klunky.co.uk
To: squid-users_at_squid-cache.org

Dear all,

    I have encountered a problem with our Squid server, where it does
not seem to proxy a certain connection. The problem appeared on the
19th August. The last configuration change on the squid server was on
the 16th. I rolled back the change, but it did not solve the problem,
although, the change was unrelated. A diff between the current and
previous squid.conf files did not show anything relevant.

The server named t2nl-app301 has this entry in the squid.conf
    acl t2nl-app301 src 10.205.8.193/255.255.255.255
    http_access allow t2nl-app301

All HTTP requests sent via the squid service successfully proxied except
one.
    t2nl-app301 -> Squid service -> Chaos : squid always passes back a
503 Service unavailable.

Summary of tests:
  A direct connection (no proxy used) from t2nl-app301 -> Chaos : result
401.
  A direct connection (no proxy used) from Squid server -> Chaos :
result 401.
  A connection using the proxy, from Squid server -> Chaos: result 503.
  A connection using the proxy, from t2nl-app301 -> Chaos : result 503.

A tcpdump of the proxied connection between:
    t2nl-app301 -> Squid service -> Chaos connection
shows the conection from t2nl-ap301 to Squid server, but no packets are
sent from Squid server to Chaos.
There is an entry in the access.log that reads:
    10.205.8.193 - - [24/Aug/2010:14:38:03 +0200] "GET
http://chaos:5780/invoke/VTEMS.Flows/receive HTTP/1.0" 503 1596
TCP_MISS:NONE

I am at a loss of how to diagnose this problem. Has anyone got any
ideas of where I should look? I do not see how this could be a firewall
problem because one can telnet onto the port from the Squid server and
get a responce.

Regards, JK.
Received on Tue Aug 24 2010 - 15:08:40 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 25 2010 - 12:00:02 MDT