[squid-users] TCP_DENIED_REPLY/403

From: Andrei <funactivities_at_gmail.com>
Date: Fri, 29 Jul 2011 12:06:21 -0700

I'm getting this error message:
http://yahoo.com/
The requested URL could not be retrieved
The request or reply is too large.
If you are making a POST or PUT request, then the item you are trying
to upload is too large.
If you are making a GET request, then the item you are trying to
download is too large.

Squid access logs show:
1311965841.744 0 176.16.0.161 TCP_DENIED_REPLY/403 3643 NONE
error:request-too-large - NONE/- text/html

I assume that reply_header_max_size are and request_header_max_size
are set by default to unlimited in v3m but adding manually
reply_header_max_size 40 M and request_header_max_size 40 M still
gives me the same error message.

I'm running:
Squid Cache: Version 3.1.6
Debian stable 6.0.2.1
DualXeon 3GhZ, 250GB SCSI, 4GB RAM

Config file:

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 172.16.0.0/21 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
request_header_max_size 0
request_body_max_size 0
reply_header_max_size 0
reply_body_max_size 0
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access allow all
icp_access allow all
htcp_access allow all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
cache_mem 1024 MB
cache_dir ufs /var/spool/squid3 40960 16 256
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 40% 40320
icp_port 0
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200
override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200
90% 432000 override-expire ignore-no-cache ignore-no-store
ignore-private
refresh_pattern -i
\.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200
override-expire ignore-no-cache ignore-no-store ignore-private
Received on Fri Jul 29 2011 - 19:06:27 MDT

This archive was generated by hypermail 2.2.0 : Sat Jul 30 2011 - 12:00:02 MDT