[squid-users] Squid 3.3 Reverse Proxy Mode - 502 Errors when uploading files larger than 6MB

From: <techguy005-me_at_yahoo.com>
Date: Thu, 21 Nov 2013 08:50:55 -0800 (PST)

I am currently running Squid 3.3.9 and 3.3.10 on RedHat Enterprise Server 5 in a reverse-proxy set-up and have an issue when attempting to upload a file (i.e. .xls) that is larger than 6MB. A 502 error is thrown by Squid. The backend parent web server is an IIS 7.5 Win2k8 R2. The oddity is the site functions just fine under the old Squid 2.6.22 version. However, after upgrading to 3.3.9 (and subsequently 3.3.10 to see if this error resolves), the upload issue of files larger than 6MB still exists.

The 502 Error from the access.log reads:

    https://site.com/products/application/SomeThing/Batch.aspx%c2%a0- FIRSTUP_PARENT/192.168.1.5 text/html 1384868971.758 134798 192.250.4.3 TCP_MISS/502 5065 POST

I turned up the debug level to:

    debug_options ALL,333

This produced the output below in the cache.log file which showed a “(104) Connection reset by peer” error:

    013/11/20 07:58:09.714 kid1| http.cc(1104) persistentConnStatus: persistentConnStatus: clen=0
    2013/11/20 07:58:10.167 kid1| comm.cc(145) commHandleRead: comm_read_try: FD 10, size 16383, retval -1, errno 104
    2013/11/20 07:58:10.167 kid1| AsyncCall.cc(85) ScheduleCall: IoCallback.cc(127) will call HttpStateData::readReply(local=192.250.4.3:55985 remote=192.168.1.5:443 FD 10 flags=1, errno=104, flag=-1, data=0x10edade8, size=0, buf=0x10ee9ff0) [call264]
    2013/11/20 07:58:10.167 kid1| AsyncCallQueue.cc(51) fireNext: entering HttpStateData::readReply(local=192.250.4.3:55985 remote=192.168.1.5:443 FD 10 flags=1, errno=104, flag=-1, data=0x10edade8, size=0, buf=0x10ee9ff0)
    2013/11/20 07:58:10.168 kid1| http.cc(1172) readReply: local=192.250.4.3:55985 remote=192.168.1.5:443 FD 10 flags=1: read failure: (104) Connection reset by peer.
    2013/11/20 07:58:10.168 kid1| AsyncJob.cc(131) callEnd: HttpStateData::readReply(local=192.250.4.3:55985 remote=192.168.1.5:443 flags=1, errno=104, flag=-1, data=0x10edade8, size=0, buf=0x10ee9ff0) ends job [ job25]
    2013/11/20 07:58:10.168 kid1| AsyncJob.cc(141) callEnd: HttpStateData::readReply(local=192.250.4.3:55985 remote=192.168.1.5:443 flags=1, errno=104, flag=-1, data=0x10edade8, size=0, buf=0x10ee9ff0) ended 0x10edaea8
    2013/11/20 07:58:10.168 kid1| AsyncCallQueue.cc(53) fireNext: leaving HttpStateData::readReply(local=192.250.4.3:55985 remote=192.168.1.5:443 flags=1, errno=104, flag=-1, data=0x10edade8, size=0, buf=0x10ee9ff0)
    2013/11/20 07:58:10.169 kid1| errorpage.cc(1120) Convert: errorConvert: %%E --> '(104) Connection reset by peer'

I played around with various parameters in the squid.conf file to no avail:

    # Base ACL rules to allow connections on port 80 and 443
    acl all src all
    acl port80 port 80
    acl port443 port 443
    http_access allow port80
    http_access allow port443
    http_access deny all
    http_reply_access allow all

    # Forces no caching of failed requests
    negative_ttl 0

    # Timeout value for closing persistent idle connections
    pconn_timeout 1 seconds

    #request_body_max_size 20 MB
    #client_request_buffer_max_size 20 MB

    # Turns off some HTTP Headers we do not want exposed
    via off
    #forwarded_for off
    request_header_access From deny all
    request_header_access Server deny all
    request_header_access WWW-Authenticate deny all
    request_header_access Link deny all
    request_header_access Proxy-Connection deny all
    request_header_access X-Cache deny all
    request_header_access X-Cache-Lookup deny all
    request_header_access Via deny all
    request_header_access Keep-Alive deny all

    # SSL HTTP Listeners
    https_port 168.250.1.2:443 accel protocol=https vhost cert=/apps/squid/etc/ssl/sslcert.pem cafile=/apps/squid/etc/ssl/verisign.pem defaultsite=site.com

    # SSL Cache Peer
    cache_peer 192.168.1.5 parent 443 0 proxy-only originserver ssl name=pilot_ssl ssldomain=site.com sslflags=DONT_VERIFY_PEER

    # SSL ACL
    acl pilot_ssl_IP_acl      myip 168.250.1.2

    # SSL Cache Peer Access
    cache_peer_access pilot_ssl allow pilot_ssl_IP_acl port443

Squid was compiled in this manner:

    ./configure --prefix=/apps/squid3.3.9 --enable-icmp --enable-ssl --with-openssl=/apps/ssl --disable-internal-dns --disable-ipv6 --with-large-files  --enable-external-acl-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,DB,squid_radius_auth

As I mentioned before, everything works just fine under Squid 2.6.22 hitting the exact same back-end web server. However it breaks on Squid 3.3.9 and Squid 3.3.10. Something appears to have changed in the manner in which the connection/buffer/something functions between Squid 3.3.x and the back-end parent server that causes the hiccup with 6MB or larger files.

Attempted to change the timeout value on the back-end parent server (IIS Windows) to 240 seconds, however all that did was cause the timeout to happen at the 240 second mark rather than the default 120 second mark. It is as if something causes a stall between Squid and IIS as the file upload never actually makes it to the back-end parent server. Again, this functions just fine under Squid 2.6.22 so something is amiss.

Any assistance would be greatly appreciated to resolve or further troubleshoot this issue. Thanks!
Received on Thu Nov 21 2013 - 16:51:06 MST
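
Added example, not part of the original post and not Squid project code: a small Python parser for cache.log debug output in the shape quoted above. It lists each upstream read failure with its peer and errno, and notes whether the preceding comm_read_try on the same FD reported the same errno. The sample log is constructed from the quoted lines; the function names and the second (110) entry are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample in the cache.log shape quoted in the post (FD 14 entry is invented).
SAMPLE = """\
2013/11/20 07:58:10.167 kid1| comm.cc(145) commHandleRead: comm_read_try: FD 10, size 16383, retval -1, errno 104
2013/11/20 07:58:10.168 kid1| http.cc(1172) readReply: local=192.250.4.3:55985 remote=192.168.1.5:443 FD 10 flags=1: read failure: (104) Connection reset by peer.
2013/11/20 07:58:10.169 kid1| errorpage.cc(1120) Convert: errorConvert: %%E --> '(104) Connection reset by peer'
2013/11/20 08:03:41.120 kid1| http.cc(1172) readReply: local=192.250.4.3:56012 remote=192.168.1.5:443 FD 14 flags=1: read failure: (110) Connection timed out.
"""

# "<date> <time> kidN| file.cc(line) function: message"
LINE = re.compile(r'^(\S+ \S+) kid\d+\| \S+\(\d+\) (\w+): (.*)$')
READ_TRY = re.compile(r'comm_read_try: FD (\d+), size \d+, retval (-?\d+), errno (\d+)')
READ_FAIL = re.compile(
    r'local=(\S+) remote=(\S+) FD (\d+) flags=\d+: read failure: \((\d+)\) (.+?)\.?$')


def upstream_read_failures(log_text):
    """Return one record per HttpStateData read failure found in log_text."""
    last_try = {}  # FD -> (retval, errno) of the most recent comm_read_try
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a debug line in the expected shape
        ts, func, msg = m.groups()
        attempt = READ_TRY.search(msg)
        if attempt:
            fd, retval, err = map(int, attempt.groups())
            last_try[fd] = (retval, err)
            continue
        fail = READ_FAIL.search(msg)
        if func == "readReply" and fail:
            fd, err = int(fail.group(3)), int(fail.group(4))
            failures.append({
                "time": ts, "local": fail.group(1), "peer": fail.group(2),
                "fd": fd, "errno": err, "reason": fail.group(5),
                # True when the socket read itself returned -1 with this errno
                "socket_level": last_try.get(fd) == (-1, err),
            })
    return failures


def failures_by_peer(failures):
    """Count failures per (peer address, errno) to spot a single bad origin."""
    return Counter((f["peer"], f["errno"]) for f in failures)


if __name__ == "__main__":
    for rec in upstream_read_failures(SAMPLE):
        print(rec)
```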

This archive was generated by hypermail 2.2.0 : Sat Nov 23 2013 - 12:00:04 MST