[squid-users] TCP_MISS/503 0 CONNECT errors

From: Bruno Santos <bvsantos_at_ulscb.min-saude.pt>
Date: Fri, 29 Jun 2012 14:30:45 +0100 (WEST)

Hi all.

I've searched the internet and I've done some experiments with some solutions I found on the internet, but still no luck.

On some HTTPS sites I'm getting TCP_MISS/503 0 CONNECT and the page is not displayed.

It has to be something to do with squid, because if I don't use a proxy server (my machine is allowed to connect directly to the internet - so is the proxy server) I don't get any errors and the sites are displayed correctly.
The funny thing is, if I refresh the page, most of the time it works... But never the first time...

Sometimes I get this error in the browser (chromium):

Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.

In squid access.log, this is the error:

1340974582.878 4 192.168.98.3 TCP_MISS/503 0 CONNECT plus.google.com:443 - DIRECT/- -
1340974586.898 2 192.168.98.3 TCP_MISS/503 0 CONNECT ssl.gstatic.com:443 - DIRECT/- -
1340974586.898 2 192.168.98.3 TCP_MISS/503 0 CONNECT lh6.googleusercontent.com:443 - DIRECT/- -
1340974587.579 3 192.168.98.3 TCP_MISS/503 0 CONNECT images3-focus-opensocial.googleusercontent.com:443 - DIRECT/- -
1340974587.596 17 192.168.98.3 TCP_MISS/503 0 CONNECT lh3.googleusercontent.com:443 - DIRECT/- -
1340974587.596 17 192.168.98.3 TCP_MISS/503 0 CONNECT s2.googleusercontent.com:443 - DIRECT/- -
1340974587.598 5 192.168.98.3 TCP_MISS/503 0 CONNECT images1-focus-opensocial.googleusercontent.com:443 - DIRECT/- -
1340974587.598 20 192.168.98.3 TCP_MISS/503 0 CONNECT images1-focus-opensocial.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- -
1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- -
1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- -
1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- -
1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- -
1340974587.603 6 192.168.98.3 TCP_MISS/503 0 CONNECT images2-focus-opensocial.googleusercontent.com:443 - DIRECT/- -
1340974587.603 9 192.168.98.3 TCP_MISS/503 0 CONNECT images2-focus-opensocial.googleusercontent.com:443 - DIRECT/- -
1340974588.573 10 192.168.98.3 TCP_MISS/503 0 CONNECT apis.google.com:443 - DIRECT/- -
1340974588.644 81 192.168.98.3 TCP_MISS/503 0 CONNECT talkgadget.google.com:443 - DIRECT/- -
1340974588.644 84 192.168.98.3 TCP_MISS/503 0 CONNECT talkgadget.google.com:443 - DIRECT/- -
(after refreshing the page)
1340974588.698 522 192.168.99.16 TCP_MISS/200 18114 CONNECT plus.google.com:443 - DIRECT/173.194.34.230 -

I'm using Squid with dansguardian for content filtering. The clients connect to port 8080 (dansguardian). Squid and dansguardian connect on port 3128.

Here is my squid configuration:

-------------------------------------------------------

http_port 127.0.0.1:3128

auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "ou=people,dc=domain,dc=com" -f "uid=%s" -H ldaps://ldapserver.domain.com:636 -v 3
auth_param basic children 5
auth_param basic realm Please type your credentials!
auth_param basic credentialsttl 1 minute
acl ldapAuth proxy_auth REQUIRED

acl manager proto cache_object
acl webserver src 127.0.0.1/32
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8

acl HalNetworks src 172.20.0.0/16 192.168.20.0/24 192.168.30.0/24 192.168.240.0/24 192.168.250.0/24

acl Nonet src "/etc/squid/HalNonet.squid"

acl HalDeny dstdom_regex "/etc/squid/HalDeny.squid"

acl SSL_ports port 443
acl SSL_ports port 631 # Cups
acl SSL_ports port 873 # Rsync
acl SSL_ports port 1494 # citrix
acl SSL_ports port 2598 # citrix
acl SSL_ports port 4433 # DGS
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 82 # escolas
acl Safe_ports port 8081 # http
acl Safe_ports port 8181 # Coaguladores
acl Safe_ports port 873 # rsync
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
#acl Safe_ports port 70 # gopher
#acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 1494 # citrix
acl Safe_ports port 2598 # citrix
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl POST method POST

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access deny !HALNetworks
http_access allow localhost

http_access deny Nonet

http_access allow ldapAuth

http_access deny all

icp_access allow HALNetworks
icp_access deny all

acl_uses_indirect_client on

follow_x_forwarded_for allow localhost

hierarchy_stoplist cgi-bin ?

cache_mem 1876 MB

maximum_object_size_in_memory 4096 KB

memory_replacement_policy lru

cache_replacement_policy heap GDSF

cache_dir ufs /cache 96000 16 256

maximum_object_size 4096 KB

access_log /var/log/squid/access.log squid

log_fqdn off
refresh_pattern ^ftp: 30 20% 10080
refresh_pattern . 30 20% 4320

refresh_all_ims on

cache_mgr squid_at_domain.com

mail_from squid_at_domain.com

cache_effective_user squid
cache_effective_group squid

visible_hostname proxy.domain.com

error_directory /usr/share/squid/errors/pt-pt

coredump_dir /var/spool/squid

-----------------------------------------------

I'm using squid-3.1.0.16-7 on CentOS 5.8 x86_64

Any hints on what it might be? I have no clue.

Thank you

--
	Use Open Source Software
Human knowledge belongs to the world
	Bruno Santos
Linux registered user #349448
Received on Fri Jun 29 2012 - 13:31:03 MDT
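
As an added example (not part of the original post), this Python script parses Squid's native access.log format and summarises the pattern visible in the log above: CONNECT requests answered 503 with no upstream address recorded (`DIRECT/-`), and which destinations later succeeded. The sample lines are a subset of those quoted in the message; the function and field names are this example's own.

```python
from collections import Counter, namedtuple

# Native access.log fields:
# time elapsed client code/status bytes method URL user hier/peer type
Entry = namedtuple("Entry", "ts elapsed_ms client status method url peer")

def parse_line(line):
    """Return an Entry for one native-format line, or None if it does not fit."""
    f = line.split()
    if len(f) != 10 or "/" not in f[3] or "/" not in f[8]:
        return None
    try:
        return Entry(float(f[0]), int(f[1]), f[2], int(f[3].split("/", 1)[1]),
                     f[5], f[6], f[8].split("/", 1)[1])
    except ValueError:
        return None

def summarize(lines):
    """Summarise CONNECT failures that were logged without an upstream address."""
    connects = [e for e in map(parse_line, lines) if e and e.method == "CONNECT"]
    failed = [e for e in connects if e.status == 503 and e.peer == "-"]
    ok = [e for e in connects if e.status == 200]
    first_fail = {}
    for e in failed:
        first_fail[e.url] = min(e.ts, first_fail.get(e.url, e.ts))
    # Destinations with a successful tunnel logged after their first failure.
    recovered = sorted({e.url for e in ok
                        if e.ts > first_fail.get(e.url, float("inf"))})
    return {
        "failed": len(failed),
        "per_host": dict(Counter(e.url for e in failed)),
        "max_failed_ms": max((e.elapsed_ms for e in failed), default=0),
        "min_ok_ms": min((e.elapsed_ms for e in ok), default=None),
        "recovered": recovered,
    }

# Subset of the access.log lines quoted in the message above.
SAMPLE = """\
1340974582.878 4 192.168.98.3 TCP_MISS/503 0 CONNECT plus.google.com:443 - DIRECT/- -
1340974586.898 2 192.168.98.3 TCP_MISS/503 0 CONNECT ssl.gstatic.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- -
1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- -
1340974588.644 81 192.168.98.3 TCP_MISS/503 0 CONNECT talkgadget.google.com:443 - DIRECT/- -
1340974588.644 84 192.168.98.3 TCP_MISS/503 0 CONNECT talkgadget.google.com:443 - DIRECT/- -
1340974588.698 522 192.168.99.16 TCP_MISS/200 18114 CONNECT plus.google.com:443 - DIRECT/173.194.34.230 -
""".splitlines()

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On this sample every failed tunnel is logged within 84 ms and without a peer address, while the one successful tunnel took 522 ms and records the upstream IP.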
