Re: [squid-users] Squid gives 503 Service Unavailable for a known working service

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 25 Aug 2010 01:38:09 +0000

On Tue, 24 Aug 2010 17:08:44 +0200, J5K <junk5_at_klunky.co.uk> wrote:
> Sent once more because I never received a copy back from the mailing
> list, which is unusual.
> j.
>
> -------- Original Message --------
> Dear all,
>
> I have encountered a problem with our Squid server, where it does
> not seem to proxy a certain connection. The problem appeared on the
> 19th August. The last configuration change on the squid server was on
> the 16th. I rolled back the change, but it did not solve the problem,
> although, the change was unrelated. A diff between the current and
> previous squid.conf files did not show anything relevant.
>
> The server named t2nl-app301 has this entry in the squid.conf
> acl t2nl-app301 src 10.205.8.193/255.255.255.255

No need for that 255.* mask. Default in absence of a mask is a single-IP
match.

> http_access allow t2nl-app301
>
> All HTTP requests sent via the squid service successfully proxied except
> one.
> t2nl-app301 -> Squid service -> Chaos : squid always passes back a
> 503 Service unavailable.
>
> Summary of tests:
> A direct connection (no proxy used) from t2nl-app301 -> Chaos : result
> 401.
> A direct connection (no proxy used) from Squid server -> Chaos :
> result 401.
> A connection using the proxy, from Squid server -> Chaos: result 503.
> A connection using the proxy, from t2nl-app301 -> Chaos : result 503.
>
> A tcpdump of the proxied connection between:
> t2nl-app301 -> Squid service -> Chaos connection
> shows the conection from t2nl-ap301 to Squid server, but no packets are
> sent from Squid server to Chaos.
> There is an entry in the access.log that reads:
> 10.205.8.193 - - [24/Aug/2010:14:38:03 +0200] "GET
> http://chaos:5780/invoke/VTEMS.Flows/receive HTTP/1.0" 503 1596
> TCP_MISS:NONE
>
> I am at a loss of how to diagnose this problem. Has anyone got any
> ideas of where I should look? I do not see how this could be a firewall
> problem because one can telnet onto the port from the Squid server and
> get a responce.

503 is a rather generic code to work from. the NONE indicates that no
server was contacted so the problems was encountered itself by the
reporting Squid.

The content of the 503 error page is going to be important tracking down
what has actually gone wrong.

Amos
Received on Wed Aug 25 2010 - 01:38:17 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 25 2010 - 12:00:02 MDT