Re: [squid-users] CLOSE_WAIT

From: Steve Hill <>
Date: Wed, 09 Jan 2013 12:28:04 +0000

On 09/01/13 10:14, Steve Hill wrote:

> I have a busy Squid 3.2.3 server that constantly has a huge number of
> connections tied up in CLOSE_WAIT (i.e. at the moment it has 364
> tcp 1 0 ::ffff: ::ffff:
> CLOSE_WAIT 32303/(squid-1)

Further to this, it appears that this is triggered by ICAP REQMOD
rewrites of CONNECT requests:

1. Client sends a "CONNECT HTTP/1.1" request to the
2. Squid passes the request to the ICAP REQMOD service.
3. The ICAP REQMOD service wants to deny the request, so rewrites the
4. Squid returns a "403 Forbidden" response to the client in clear text
(this is allowed, as it is seen by the client as a response from the
proxy rather than a response from the web server, although very few
clients actually display the page contents these days due to security
5. The client sends a FIN
At this point, the socket stays open on the Squid server - Squid never
closes it and there is 1 byte in the socket's rx queue. I have no idea
what that 1 byte is though - Since all requests are terminated with a
\r\n maybe squid doesn't read the \n ?)

  - Steve Hill
    Technical Director
    Opendium Limited
Direct contacts:
    Instant messager:
Sales / enquiries contacts:
    Phone:            +44-844-9791439 /
Support contacts:
    Phone:            +44-844-4844916 /
Received on Wed Jan 09 2013 - 12:28:19 MST

This archive was generated by hypermail 2.2.0 : Thu Jan 10 2013 - 12:00:03 MST