Re: [squid-users] Squid 3.2.1 Reverse Proxy. TCP_MISS/403 suddenly appearing for one cache peer. from Eliezer Croitoru on 2013-07-24 (squid-users)

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Wed, 24 Jul 2013 21:29:21 +0300

I believe that a basic tcpdump test for port 80 will show you if there
is any access to the cache_peer IP address.
If it's a production and loaded system it will be a bit of a problem to
do that.
It will minimize the problem from the network level which is might be
the reason to the application level.

Eliezer

On 07/24/2013 07:37 AM, PSA4444 wrote:
> I am running a squid reverse proxy in a DMZ which allows the outside world to
> access several websites I am hosting. One of these websites is a nagios
> server.
>
> Everything has been working well for months but this morning, users were not
> able to access the nagios site.
>
> Nobody has changed anything on either server for months. This is being
> logged in access.log:
>
> xx.xx.xx.xx TCP_MISS/403 680 GET http://nagios.blah.com/nagios -
> FIRSTUP_PARENT/yy.yy.yy.yy text/html
> xx.xx.xx.xx TCP_MISS/403 680 GET http://nagios.blah.com/favicon.ico -
> FIRSTUP_PARENT/yy.yy.yy.yy text/html
>
> xx.xx.xx.xx = source IP
> yy.yy.yy.yy = unknown ip
>
> Relevant entry:
>
> #Nagios
> cache_peer nagios.blah.com parent 80 0 no-query originserver name=nag
> login=PASSTHRU
> acl sites_nag dstdomain nagios.blah.com
> cache_peer_access nag allow sites_nag firstclient
> cache_peer_access nag allow sites_nag secondclient
> cache_peer_access nag deny publicall
> acl https proto https
> http_access allow all
>
> I have a hosts file entry pointing the squid server to the local nagios
> server.
>
> 10.0.1.23 nagios.blah.com
>
> Connecting directly to this via squid using the links browser works.
> Connecting directly to the nagios server via firefox within the network also
> works.
> I have tried restarting squid and the apache service on the nagios server.
>
> Any idea what's wrong, why this suddenly started happening and how to fix
> it?
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-2-1-Reverse-Proxy-TCP-MISS-403-suddenly-appearing-for-one-cache-peer-tp4661218.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
>
Received on Wed Jul 24 2013 - 18:30:05 MDT

This archive was generated by hypermail 2.2.0 : Thu Jul 25 2013 - 12:00:10 MDT