[squid-users] Data tricking implementation is on ICAP side or Squid side?

Alex Rousskov rousskov at measurement-factory.com
Thu Feb 18 14:58:27 UTC 2021


On 2/18/21 1:52 AM, John Zhu wrote:

> On 2/17/21, 10:28 PM, "Alex Rousskov" wrote:
> 
>     On 2/18/21 12:36 AM, John Zhu wrote:
> 
>     > I have a weird issue. I set up Squid and ICAP. When ICAP (in
>     > RespMod) sends response body (any file types, most of time are large
>     > size files) in a relatively slow speed to Squid, if the time elapses
>     > longer than 1 minute, the browser will close the session and fail the
>     > downloading,
> 
>     During that minute, does the browser actually get any HTTP response
>     bytes that the ICAP service sent to Squid? Just the response headers?
>     Nothing at all?


>     --- Yes, I implemented the data trickling feature at ICAP server side. I can see in the Firefox browser:
> 1)  prompt to save or open file
> 2)  the progress bar is receiving a few bytes every second

Please note that my questions were not about the functionality in
general, but the problematic transaction specifically.

If the browser is constantly receiving data during that minute, then it
probably does not timeout. What changes after that minute? You may get
more information from the browser developer console or equivalent. The
browser should log the reason for transaction termination somewhere.


>     > the squid log shows the error of TCP_MISS_ABORTED/206
> 
>     HTTP 206 is Partial Content response to a Range request. Did the origin
>     server respond with an HTTP 206 response? Or did the ICAP server
>     convert an HTTP 200 response into an HTTP 206 response? Or did Squid
>     do that conversion?

>  -- Yes, sending back to squid from ICAP server 206 partial body data, not the original server.

Are you sure that the origin server did not send an HTTP 206 response to
Squid? An ICAP server cannot replace an HTTP 200 OK response with an
HTTP 206 response _unless_ the request had a Range header, and even that
theoretically-possible 200->206 rewrite may not be supported by Squid
today (I have not checked that it is supported).


>     If Squid does the conversion, then perhaps Squid just has no data to
>     send to the client because the requested range has not come from the
>     data trickling ICAP service yet?
> 
> --- What is request range?  Does it put in the header of icap response header?

To learn about Range requests (and 206 responses to them), please see
RFC 7233: https://tools.ietf.org/html/rfc7233


> This is the ICAP header back to squid
> ICAP/1.0 200 OK

We are talking about HTTP headers, not ICAP headers. What HTTP headers
does your service receive and what HTTP headers does your service send back?


Cheers,

Alex.


> Date: Mon, 15 Feb 2021 04:35:37 +0000
> 
> 
>     HTH,
> 
>     Alex.
> 
> 
> 
>     > Here are the configuration.  I am new to squid.  
>     > 
>     >  
>     > 
>     > ==> /usr/local/squid/var/logs/access.log <==
>     > 
>     > 1613593651.769  59962 172.90.1.1 TCP_MISS_ABORTED/206 3635 GET
>     > https://urldefense.com/v3/__https://pfpt-my.sharepoint.com/personal/jzhu_company__;!!ORgEfCBsr282Fw!-GAUSOBJG8F9UUMSLCJJWioLebLx-daFRj1qtCC8n3lXrg-1bD6s1AF2-2wMthz3$ 
>     > _com/_layouts/15/download.aspx? - HIER_DIRECT/13.107.136.9 application/pdf
>     > 
>     >  
>     > 
>     >  
>     > 
>     > acl SSL_ports port 443
>     > acl Safe_ports port 80    # http
>     > acl Safe_ports port 21    # ftp
>     > acl Safe_ports port 443       # https
>     > acl Safe_ports port 70    # gopher
>     > acl Safe_ports port 210       # wais
>     > acl Safe_ports port 1025-65535 # unregistered ports
>     > acl Safe_ports port 280       # http-mgmt
>     > acl Safe_ports port 488       # gss-http
>     > acl Safe_ports port 591       # filemaker
>     > acl Safe_ports port 777       # multiling http
>     > acl CONNECT method CONNECT
>     > http_access deny !Safe_ports
>     > http_access deny CONNECT !SSL_ports
>     > http_access allow localhost manager
>     > http_access deny manager
>     > http_access allow all
>     > 
>     > # This is to help with the development process only
>     > #cache deny all
>     > 
>     > 
>     > cache_mem 1024 MB
>     > maximum_object_size 200 MB
>     > cache_swap_low 90
>     > cache_swap_high 95
>     > quick_abort_min -1
>     > 
>     > refresh_pattern ^ftp:     1440   20%    10080
>     > refresh_pattern ^gopher:   1440   0% 1440
>     > refresh_pattern -i (/cgi-bin/|\?) 0    0% 0
>     > refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
>     > refresh_pattern .     0  20%    4320
>     > 
>     > # Docker-compose setup
>     > icap_enable on
>     > icap_io_timeout 600 seconds
>     > icap_connect_timeout 600 seconds
>     > 
>     > icap_service service_req reqmod_precache bypass=1 icap://icapserver:1344/req
>     > icap_service service_resp respmod_precache bypass=1 icap://icapserver:1344/resp
>     > adaptation_access service_req allow all
>     > adaptation_access service_resp allow all
>     > 
>     >  
>     > 
>     >  
>     > 
>     > Thank you all,
>     > 
>     >  
>     > 
>     > John Zhu
>     > 
>     >  
>     > 
>     > 
>     > 
> 
> 
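
Added example, not part of the thread and not Squid or ICAP server code: a small Python check for the question the reply ends on, comparing the HTTP request head, the origin response head and the adapted response head that an ICAP RESPMOD service handles, and reporting when an adapted 206 is inconsistent with them. The function names, the host `files.example` and all sample heads are constructed for illustration.

```python
import re

def parse_head(raw):
    """Split a raw HTTP head into (start_line, {lowercased name: value})."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def status_of(start_line):
    """Status code from a status line such as 'HTTP/1.1 206 Partial Content'."""
    return int(start_line.split()[1])

def check_206(request_head, origin_head, adapted_head):
    """List the ways the adapted response is inconsistent as a 206."""
    _, req = parse_head(request_head)
    origin_status = status_of(parse_head(origin_head)[0])
    adapted_line, adapted = parse_head(adapted_head)
    findings = []
    if status_of(adapted_line) != 206:
        return findings
    if "range" not in req:
        findings.append("206 returned for a request that had no Range header")
    # RFC 7233 form for a 206: bytes first-last/complete-length (or /*)
    content_range = adapted.get("content-range", "")
    if not re.fullmatch(r"bytes \d+-\d+/(\d+|\*)", content_range):
        findings.append("206 without a well-formed Content-Range header")
    if origin_status == 200:
        findings.append("origin 200 rewritten to 206 (may be unsupported by Squid)")
    return findings

# Constructed sample heads (not taken from the thread).
REQ_PLAIN = "GET /download.aspx HTTP/1.1\r\nHost: files.example\r\n"
REQ_RANGE = REQ_PLAIN + "Range: bytes=0-1023\r\n"
ORIGIN_200 = "HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n"
ORIGIN_206 = ("HTTP/1.1 206 Partial Content\r\n"
              "Content-Range: bytes 0-1023/3635\r\n")
ADAPTED_BAD = "HTTP/1.1 206 Partial Content\r\nContent-Type: application/pdf\r\n"
ADAPTED_OK = ORIGIN_206

if __name__ == "__main__":
    for finding in check_206(REQ_PLAIN, ORIGIN_200, ADAPTED_BAD):
        print("FINDING:", finding)
```
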


