On 09/01/13 10:14, Steve Hill wrote:
> I have a busy Squid 3.2.3 server that constantly has a huge number of
> connections tied up in CLOSE_WAIT (i.e. at the moment it has 364
> ESTABLISHED but 3622 in CLOSE_WAIT).
>
> tcp 1 0 ::ffff:172.23.3.254:8080 ::ffff:172.23.2.158:49615 CLOSE_WAIT 32303/(squid-1)

Further to this, it appears that this is triggered by ICAP REQMOD
rewrites of CONNECT requests:

1. Client sends a "CONNECT foo.example.com:443 HTTP/1.1" request to the
   proxy.
2. Squid passes the request to the ICAP REQMOD service.
3. The ICAP REQMOD service wants to deny the request, so rewrites the
   request.
4. Squid returns a "403 Forbidden" response to the client in clear text
   (this is allowed, as it is seen by the client as a response from the
   proxy rather than a response from the web server, although very few
   clients actually display the page contents these days due to security
   restrictions).
5. The client sends a FIN.

At this point, the socket stays open on the Squid server - Squid never
closes it and there is 1 byte in the socket's rx queue. I have no idea
what that 1 byte is though (since all requests are terminated with a
\r\n, maybe Squid doesn't read the \n?)

--
- Steve Hill
Technical Director
Opendium Limited http://www.opendium.com
Received on Wed Jan 09 2013 - 12:28:19 MST
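
An added example, not part of the original post: a small parser for `netstat -tnp` style lines that counts socket states on the proxy port and lists the CLOSE_WAIT sockets that still hold unread bytes in their receive queue, which is the symptom described above. The function name `summarize`, the sample lines and the default port 8080 (taken from the quoted netstat line) are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample in `netstat -tnp` layout; peer addresses are made up.
SAMPLE = """\
tcp 0 0 ::ffff:172.23.3.254:8080 ::ffff:172.23.2.10:50100 ESTABLISHED 32303/(squid-1)
tcp 1 0 ::ffff:172.23.3.254:8080 ::ffff:172.23.2.11:50101 CLOSE_WAIT 32303/(squid-1)
tcp 1 0 ::ffff:172.23.3.254:8080 ::ffff:172.23.2.12:50102 CLOSE_WAIT 32303/(squid-1)
tcp 0 0 ::ffff:172.23.3.254:8080 ::ffff:172.23.2.13:50103 CLOSE_WAIT 32303/(squid-1)
tcp 0 0 172.23.3.254:22 172.23.2.14:50104 ESTABLISHED 1200/sshd
"""

# Columns: proto, Recv-Q, Send-Q, local address, peer address, state, PID/program.
LINE = re.compile(
    r"^tcp6?\s+(?P<recvq>\d+)\s+(?P<sendq>\d+)\s+(?P<local>\S+)\s+(?P<peer>\S+)"
    r"\s+(?P<state>[A-Z_0-9]+)(?:\s+(?P<proc>\S.*))?$"
)

def summarize(text, port=8080):
    """Return (state counts, [(peer, recv_q)] for CLOSE_WAIT sockets with unread data)."""
    states = Counter()
    stuck = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        # Skip headers, non-TCP lines and sockets on other local ports.
        if not m or m["local"].rsplit(":", 1)[-1] != str(port):
            continue
        states[m["state"]] += 1
        # CLOSE_WAIT: the peer sent FIN, the local process has not closed yet.
        # A non-zero Recv-Q means it also left bytes unread on that socket.
        if m["state"] == "CLOSE_WAIT" and int(m["recvq"]) > 0:
            stuck.append((m["peer"], int(m["recvq"])))
    return states, stuck

if __name__ == "__main__":
    states, stuck = summarize(SAMPLE)
    print(dict(states))
    for peer, recvq in stuck:
        print(f"CLOSE_WAIT with {recvq} unread byte(s) from {peer}")
```

Run periodically against live `netstat -tnp` output, the ratio of CLOSE_WAIT to ESTABLISHED on the proxy port shows whether the leak is growing.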