Re: [squid-users] TCP_MISS_ABORTED after upgrade to 3.2 form 3.1 from dweimer on 2013-01-23 (squid-users)

From: dweimer <dweimer_at_dweimer.net>
Date: Wed, 23 Jan 2013 17:05:09 -0600

On 2013-01-23 13:59, dweimer wrote:
> On 2013-01-23 13:48, dweimer wrote:
>> We are having an issue with a web based employment application form
>> after upgrading our reverse proxy from 3.1.20 to 3.2.6. The proxy
>> logs the following:
>>
>> 1358969527.735 300778 75.91.238.15 TCP_MISS/400 459 POST https://...
>>
>> Some do go through but very slowly, any ideas what would cause this?
>>
>> The form is a simple form on a Plone server with Apache 2.2.23 in
>> between handling the HTTPS on the back end server.
>
> Oops, copied one of the few that works, instead of one of the many
> that failed, the log that shows up when failed is at
> TCP_MISS_ABORTED.
>
> 1358969226.938 63434 75.91.238.15 TCP_MISS_ABORTED/000 0 POST
> https://...

Another update, I have confirmed that uploads to our PHP based File
Management Application (http://ajaxplorer.info) are also triggering the
same problem. This is running on Apache 2.2.23 on the same server as
the Squid application. I don't have any non HTTPS forms behind this
reverse proxy to verify if the problem is only on the https side or not.
We have verified that both applications work correctly when connecting
directly to them and not going through the reverse proxy. I have also
verified that it works fine using Squid 3.2.6 as a forward proxy on the
client side when accessing the applications directly. So its something
specific to the reverse proxy setup.

There's just one https_port line:

https_port 10.50.20.10:443 accel
cert=/usr/local/etc/squid/certs/myserver.crt
key=/usr/local/etc/squid/certs/myserver.key
options=NO_SSLv2:NO_TLSv1:CIPHER_SERVER_PREFERENCE
cipher=RC4:!MD5:!aNULL:!EDH defaultsite=www.mydefaultdomain.com

I do have multiple SSL sites using a ucc certifcate, the cache peer
lines look like the following, just different IPs, cache_peer_domains,
and acache_peer_access lists:

cache_peer 127.0.0.1 parent 443 0 ssl no-query no-digest
no-netdb-exchange originserver name=local_ssl_parent
sslcapath=/usr/local/share/certs sslflags=DONT_VERIFY_PEER
cache_peer_domain local_ssl_parent www.mydefaultsite.com
cache_peer_access local_ssl_parent allow defaultsite SSL

Is there any type of maximum post size setting that could be causing
this, I didn't see anything looking through the configuration options.
All downloads appear to be fine, some forms to submit data work just
fine, but those are very small forms. So I am wondering if there is
some sort of post size limit I am hitting that didn't exist in the 3.1
branch.

-- 
Thanks,
    Dean E. Weimer
    http://www.dweimer.net/

Received on Wed Jan 23 2013 - 23:05:15 MST

This archive was generated by hypermail 2.2.0 : Thu Jan 24 2013 - 12:00:04 MST