Re: [squid-users] Issue: client_delay_pools and related directives

Hello Eliezer,

Yes, the squid instances runs wonderfully. And actually we use standard delay_pools with no problems. Only when introducing client_delay_pools does the problems start.

Here is the results of “squid -kparse” … Again, this is using Squid 3.3.8 on Ubuntu 14.04.

2014/05/01 15:08:21| Startup: Initializing Authentication Schemes ...
2014/05/01 15:08:21| Startup: Initialized Authentication Scheme 'basic'
2014/05/01 15:08:21| Startup: Initialized Authentication Scheme 'digest'
2014/05/01 15:08:21| Startup: Initialized Authentication Scheme 'negotiate'
2014/05/01 15:08:21| Startup: Initialized Authentication Scheme 'ntlm'
2014/05/01 15:08:21| Startup: Initialized Authentication.
2014/05/01 15:08:21| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2014/05/01 15:08:21| Processing: ident_lookup_access allow all
2014/05/01 15:08:21| Processing: dns_nameservers 127.0.0.1
2014/05/01 15:08:21| Processing: visible_hostname ocr-sab-lx0.ocretina.corp
2014/05/01 15:08:21| Processing: acl snmp_squid snmp_community p4r4v1s
2014/05/01 15:08:21| Processing: acl paravis_hq src 10.0.0.0/16
2014/05/01 15:08:21| Processing: snmp_port 3401
2014/05/01 15:08:21| Processing: snmp_access allow snmp_squid paravis_hq
2014/05/01 15:08:21| Processing: snmp_access deny all
2014/05/01 15:08:21| Processing: snmp_incoming_address 10.3.1.11
2014/05/01 15:08:21| Processing: snmp_outgoing_address 10.3.1.11
2014/05/01 15:08:21| Processing: acl SSL_ports port 443
2014/05/01 15:08:21| Processing: acl Safe_ports port 80 # http
2014/05/01 15:08:21| Processing: acl Safe_ports port 21 # ftp
2014/05/01 15:08:21| Processing: acl Safe_ports port 443 # https
2014/05/01 15:08:21| Processing: acl Safe_ports port 70 # gopher
2014/05/01 15:08:21| Processing: acl Safe_ports port 210 # wais
2014/05/01 15:08:21| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2014/05/01 15:08:21| Processing: acl Safe_ports port 280 # http-mgmt
2014/05/01 15:08:21| Processing: acl Safe_ports port 488 # gss-http
2014/05/01 15:08:21| Processing: acl Safe_ports port 591 # filemaker
2014/05/01 15:08:21| Processing: acl Safe_ports port 777 # multiling http
2014/05/01 15:08:21| Processing: acl CONNECT method CONNECT
2014/05/01 15:08:21| Processing: include /etc/squid3/conf.d/ocr.conf
2014/05/01 15:08:21| Processing Configuration File: /etc/squid3/conf.d/ocr.conf (depth 1)
2014/05/01 15:08:21| Processing: include /etc/squid3/conf.d/ocr/ocr.acls
2014/05/01 15:08:21| Processing Configuration File: /etc/squid3/conf.d/ocr/ocr.acls (depth 2)
2014/05/01 15:08:21| Processing: acl ocr_unrest_users ident -i "/etc/squid3/conf.d/ocr/unrest.users"
2014/05/01 15:08:21| strtokFile: /etc/squid3/conf.d/ocr/unrest.users not found
2014/05/01 15:08:21| Warning: empty ACL: acl ocr_unrest_users ident -i "/etc/squid3/conf.d/ocr/unrest.users"
2014/05/01 15:08:21| Processing: acl ocr_unrest_comps src "/etc/squid3/conf.d/ocr/unrest.comps"
2014/05/01 15:08:21| Processing: acl adsites dstdomain -i "/etc/squid3/conf.d/ads.sites"
2014/05/01 15:08:21| Processing: acl adregex url_regex -i "/etc/squid3/conf.d/ads.regex"
2014/05/01 15:08:21| Processing: acl paravis src 10.0.0.0/16
2014/05/01 15:08:21| Processing: acl ocr_unrest_doc src 10.3.1.231-10.3.1.235/32
2014/05/01 15:08:21| Processing: acl ocr_gary src 10.3.1.181-10.3.1.189/32
2014/05/01 15:08:21| Processing: acl laz src 10.3.1-6.31/32
2014/05/01 15:08:21| Processing: acl ocr_chen src 10.3.1.191/32
2014/05/01 15:08:21| Processing: acl ocr_chen src 10.3.2.191/32
2014/05/01 15:08:21| Processing: acl ocr_chen src 10.3.3.191/32
2014/05/01 15:08:21| Processing: acl ocr_chen src 10.3.4.191/32
2014/05/01 15:08:21| Processing: acl ocr_chen src 10.3.5.191/32
2014/05/01 15:08:21| Processing: acl ocr_chen src 10.3.6.191/32
2014/05/01 15:08:21| Processing: acl ocr_clinic src 10.3.2-6.101-110/32
2014/05/01 15:08:21| Processing: acl ocr_exam src 10.3.2-6.111-120/32
2014/05/01 15:08:21| Processing: acl ocr_va src 10.3.2-6.121-130/32
2014/05/01 15:08:21| Processing: acl ocr_insurance src 10.3.1.101-10.3.1.110/32 10.3.1.161-10.3.1.170/32
2014/05/01 15:08:21| Processing: acl ocr_admin src 10.3.1.121-10.3.1.130/32
2014/05/01 15:08:21| Processing: acl ocr_study src 10.3.1.141-142/32
2014/05/01 15:08:21| Processing: acl ocr_testing src 10.3.2-6.81-90/32
2014/05/01 15:08:21| Processing: acl ocr_doctor_personal src 10.3.1-6.231-240/32
2014/05/01 15:08:21| Processing: acl ocr_doctor_systems src 10.3.2-6.131-135/32
2014/05/01 15:08:21| Processing: acl ocr_dhcp src 10.3.1-6.201-230/32
2014/05/01 15:08:21| Processing: acl ocr src 10.3.0.0/16 10.0.2.0/24
2014/05/01 15:08:21| Processing: acl ocr_white dstdomain "/etc/squid3/conf.d/ocr/white.list"
2014/05/01 15:08:21| Processing: acl ocr_audio url_regex -i "/etc/squid3/conf.d/ocr/audio.stream"
2014/05/01 15:08:21| Processing: acl ocr_audiosites dstdomain "/etc/squid3/conf.d/ocr/audio.sites"
2014/05/01 15:08:21| Processing: include /etc/squid3/conf.d/ocr/ocr.access
2014/05/01 15:08:21| Processing Configuration File: /etc/squid3/conf.d/ocr/ocr.access (depth 2)
2014/05/01 15:08:21| Processing: http_access allow ocr_gary all
2014/05/01 15:08:21| Processing: http_access deny adsites
2014/05/01 15:08:21| Processing: http_access deny adregex
2014/05/01 15:08:21| Processing: http_access allow laz all
2014/05/01 15:08:21| Processing: http_access allow ocr_dhcp all
2014/05/01 15:08:21| Processing: http_access allow ocr_study all
2014/05/01 15:08:21| Processing: http_access allow ocr_unrest_comps all
2014/05/01 15:08:21| Processing: http_access allow ocr_doctor_systems all
2014/05/01 15:08:21| Processing: http_access allow ocr_doctor_personal all
2014/05/01 15:08:21| Processing: http_access allow ocr_admin all
2014/05/01 15:08:21| Processing: http_access allow ocr_chen all
2014/05/01 15:08:21| Processing: http_access allow paravis all
2014/05/01 15:08:21| Processing: http_access allow ocr ocr_audiosites
2014/05/01 15:08:21| Processing: http_access allow ocr ocr_audio
2014/05/01 15:08:21| Processing: http_access allow ocr ocr_white
2014/05/01 15:08:21| Processing: http_access deny ocr all
2014/05/01 15:08:21| Processing: include /etc/squid3/conf.d/ocr/ocr.dl_bw
2014/05/01 15:08:21| Processing Configuration File: /etc/squid3/conf.d/ocr/ocr.dl_bw (depth 2)
2014/05/01 15:08:21| Processing: delay_pools 7
2014/05/01 15:08:21| Processing: delay_class 1 3
2014/05/01 15:08:21| Processing: delay_access 1 allow ocr_unrest_doc
2014/05/01 15:08:21| Processing: delay_access 1 allow ocr_chen
2014/05/01 15:08:21| Processing: delay_access 1 allow ocr_doctor_personal
2014/05/01 15:08:21| Processing: delay_access 1 allow ocr_doctor_systems
2014/05/01 15:08:21| Processing: delay_access 1 deny all
2014/05/01 15:08:21| Processing: delay_parameters 1 2500000/2500000 2500000/2500000 2500000/2500000
2014/05/01 15:08:21| Processing: delay_class 2 3
2014/05/01 15:08:21| Processing: delay_access 2 allow ocr_gary
2014/05/01 15:08:21| Processing: delay_access 2 deny all
2014/05/01 15:08:21| Processing: delay_parameters 2 6200000/6200000 6200000/6200000 6200000/6200000
2014/05/01 15:08:21| Processing: delay_class 3 3
2014/05/01 15:08:21| Processing: delay_access 3 allow ocr_clinic
2014/05/01 15:08:21| Processing: delay_access 3 allow ocr_insurance
2014/05/01 15:08:21| Processing: delay_access 3 allow ocr_testing
2014/05/01 15:08:21| Processing: delay_access 3 allow ocr_study
2014/05/01 15:08:21| Processing: delay_access 3 deny all
2014/05/01 15:08:21| Processing: delay_parameters 3 1050000/1050000 1050000/1050000 1050000/1050000
2014/05/01 15:08:21| Processing: delay_class 4 3
2014/05/01 15:08:21| Processing: delay_access 4 allow ocr_exam
2014/05/01 15:08:21| Processing: delay_access 4 allow ocr_va
2014/05/01 15:08:21| Processing: delay_access 4 deny all
2014/05/01 15:08:21| Processing: delay_parameters 4 420000/420000 420000/420000 420000/420000
2014/05/01 15:08:21| Processing: delay_class 5 3
2014/05/01 15:08:21| Processing: delay_access 5 allow ocr_dhcp
2014/05/01 15:08:21| Processing: delay_access 5 deny all
2014/05/01 15:08:21| Processing: delay_parameters 5 800000/800000 800000/800000 800000/800000
2014/05/01 15:08:21| Processing: delay_class 6 3
2014/05/01 15:08:21| Processing: delay_access 6 allow ocr_admin
2014/05/01 15:08:21| Processing: delay_access 6 deny all
2014/05/01 15:08:21| Processing: delay_parameters 6 1300000/1300000 1300000/1300000 1300000/1300000
2014/05/01 15:08:21| Processing: delay_class 7 3
2014/05/01 15:08:21| Processing: delay_access 7 allow paravis
2014/05/01 15:08:21| Processing: delay_access 7 deny all
2014/05/01 15:08:21| Processing: delay_parameters 7 6200000/6200000 6200000/6200000 6200000/6200000
2014/05/01 15:08:21| Processing: include /etc/squid3/conf.d/ocr/ocr.ul_bw
2014/05/01 15:08:21| Processing Configuration File: /etc/squid3/conf.d/ocr/ocr.ul_bw (depth 2)
2014/05/01 15:08:21| Processing: client_delay_pools 1
2014/05/01 15:08:21| Processing: client_delay_access 1 allow all
2014/05/01 15:08:21| Processing: client_delay_access 1 deny all
2014/05/01 15:08:21| Processing: client_delay_parameters 1 2048 32000
2014/05/01 15:08:21| Processing: http_access deny !Safe_ports
2014/05/01 15:08:21| Processing: http_access deny CONNECT !SSL_ports
2014/05/01 15:08:21| Processing: http_access allow localhost manager
2014/05/01 15:08:21| Processing: http_access deny manager
2014/05/01 15:08:21| Processing: http_access allow localhost
2014/05/01 15:08:21| Processing: http_access deny all
2014/05/01 15:08:21| Processing: http_port 3128
2014/05/01 15:08:21| Processing: coredump_dir /var/spool/squid3
2014/05/01 15:08:21| Processing: refresh_pattern ^ftp: 1440 20% 10080
2014/05/01 15:08:21| Processing: refresh_pattern ^gopher: 1440 0% 1440
2014/05/01 15:08:21| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2014/05/01 15:08:21| Processing: refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
2014/05/01 15:08:21| Processing: refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-store ignore-private
2014/05/01 15:08:21| Processing: refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-store ignore-private
2014/05/01 15:08:21| Processing: refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-store ignore-private
2014/05/01 15:08:21| Processing: refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
2014/05/01 15:08:21| Processing: refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
2014/05/01 15:08:21| Processing: refresh_pattern . 0 40% 40320
2014/05/01 15:08:21| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP
2014/05/01 15:08:21| WARNING: use of 'ignore-no-store' in 'refresh_pattern' violates HTTP
2014/05/01 15:08:21| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP

On May 1, 2014, at 2:59 PM, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:

> Hey,
>
> As for this:
> On 05/01/2014 05:51 PM, Laz C. Peterson wrote:
>> Anyhow, the issue that I’m having is when configuring client_delay_pools per the Squid configuration documentation, all requests immediately get “connection reset by peer”. It does not seem like Squid restarts or anything, though I only have production servers to “test” on right now. Have not turned debug mode on yet, but there is nothing logged.
>
> To understand the issue.
> You have a squid instance that runs fine right? until you apply delay pools?
> If it is what you say then it's very simple to test and verify.
>
> The first thing to do is run:
> "squid -kparse"
> and see if there are any errors in the parsing.
> after that I can test it on a test node here without any problem.
>
> Eliezer
Received on Thu May 01 2014 - 22:11:16 MDT