[squid-users] Squid error : ERR_CONNECT_FAIL, TAG_NONE/503 & TCP_MISS/503

hoje hazri at ymail.com
Mon May 8 08:09:27 UTC 2017 

Hi,

I have installed squid 3.5.24 and have enable option '--enable-ssl'
'--enable-ssl-crtd' and '--with-openssl’. Im using debian 8.7. Im want to
use this squid to filter http & https traffic. I have no problem filtering
http/https when using it with <10 users. If i connect it to 200+ users, i
will get lots of ERR_CONNECT_FAIL, TAG_NONE/503 & TCP_MISS/503 in less than
10 minutes. Need some advice. Thank you.


My squid.conf
——————

max_filedesc 65535
dns_v4_first on
request_timeout 5 minutes 


acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
#acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
#acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged)
machines
#acl SSL_ports port 443
acl SSL_ports port 443 563 1863 5190 5222 5050 6667
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports 


http_access allow localhost manager
http_access allow localnet manager
http_access deny manager

#http_access deny to_localhost

http_access allow localnet
http_access allow localhost

http_access deny all

http_port 0.0.0.0:3128 intercept
http_port 0.0.0.0:3130
https_port 0.0.0.0:3129 intercept ssl-bump connection-auth=off
cert=/etc/squid/squidCA.pem


cache_mem 512 MB
always_direct allow all
#sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
acl blocked ssl::server_name  "/etc/squid/tah.txt" 
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump terminate blocked 
ssl_bump splice all
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB


cache_dir ufs /var/spool/squid 15360 16 256
cache_swap_low 87
cache_swap_high 90

coredump_dir /var/spool/squid


refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

——————————
My cachemgr:info
- - - - - -  - - - - - - - -  
Squid Object Cache: Version 3.5.24
Build Info: 
Service Name: squid
Start Time:	Thu, 27 Apr 2017 09:25:20 GMT
Current Time:	Thu, 27 Apr 2017 09:43:30 GMT
Connection information for squid:
	Number of clients accessing cache:	228
	Number of HTTP requests received:	15757
	Number of ICP messages received:	0
	Number of ICP messages sent:	0
	Number of queued ICP replies:	0
	Number of HTCP messages received:	0
	Number of HTCP messages sent:	0
	Request failure ratio:	 0.00
	Average HTTP requests per minute since start:	866.7
	Average ICP messages per minute since start:	0.0
	Select loop called: 292181 times, 3.733 ms avg
Cache information for squid:
	Hits as % of all requests:	5min: 0.1%, 60min: 0.1%
	Hits as % of bytes sent:	5min: 100.0%, 60min: 99.8%
	Memory hits as % of hit requests:	5min: 52.9%, 60min: 55.6%
	Disk hits as % of hit requests:	5min: 47.1%, 60min: 44.4%
	Storage Swap size:	13683904 KB
	Storage Swap capacity:	87.0% used, 13.0% free
	Storage Mem size:	2104 KB
	Storage Mem capacity:	 1.6% used, 98.4% free
	Mean Object Size:	15.44 KB
	Requests given to unlinkd:	0
Median Service Times (seconds)  5 min    60 min:
	HTTP Requests (All):  57.44813 57.44813
	Cache Misses:         28.47649 10.20961
	Cache Hits:            0.00000  0.00102
	Near Hits:             0.00000  0.00000
	Not-Modified Replies:  0.00000  0.00000
	DNS Lookups:           0.00860  0.00860
	ICP Queries:           0.00000  0.00000
Resource usage for squid:
	UP Time:	1090.832 seconds
	CPU Time:	128.728 seconds
	CPU Usage:	11.80%
	CPU Usage, 5 minute avg:	26.31%
	CPU Usage, 60 minute avg:	11.76%
	Maximum Resident Size: 3929760 KB
	Page faults with physical i/o: 85
Memory accounted for:
	Total accounted:       183695 KB
	memPoolAlloc calls:   3003099
	memPoolFree calls:    3027675
File descriptor usage for squid:
	Maximum number of file descriptors:   65535
	Largest file desc currently in use:   2691
	Number of file desc currently in use: 2405
	Files queued for open:                   0
	Available number of file descriptors: 63130
	Reserved number of file descriptors:   100
	Store Disk files open:                   0
Internal Data Structures:
	887622 StoreEntries
	  1623 StoreEntries with MemObjects
	    55 Hot Object Cache Items
	886002 on-disk objects



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-error-ERR-CONNECT-FAIL-TAG-NONE-503-TCP-MISS-503-tp4682334.html
Sent from the Squid - Users mailing list archive at Nabble.com.

More information about the squid-users mailing list