<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Mar 16, 2016 at 1:03 AM, Amos Jeffries <span dir="ltr"><<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="">On 16/03/2016 12:38 p.m., Chris Nighswonger wrote:<br>
> Why does netstat show two connections per client connection to Squid:<br>
><br>
> tcp        0      0 <a href="http://127.0.0.1:3128" rel="noreferrer" target="_blank">127.0.0.1:3128</a>          <a href="http://127.0.0.1:34167" rel="noreferrer" target="_blank">127.0.0.1:34167</a><br>
> ESTABLISHED<br>
> tcp        0      0 <a href="http://127.0.0.1:34167" rel="noreferrer" target="_blank">127.0.0.1:34167</a>         <a href="http://127.0.0.1:3128" rel="noreferrer" target="_blank">127.0.0.1:3128</a><br>
> ESTABLISHED<br>
><br>
> In this case, there is a content filter running in front of Squid on the<br>
> same box. The same netstat command filtered on the content filter port<br>
> shows only one connection per client:<br>
><br>
> tcp        0      0 192.168.x.x:8080      192.168.x.y:1310       ESTABLISHED<br>
><br>
<br>
</span>Details of your Squid configuration are needed to answer that.<br></blockquote></div><br><br></div><div class="gmail_extra">Here it is. I've stripped out all of the acl lines to reduce the length:<br><br>tcp_outgoing_address 184.x.x.x<br>http_port <a href="http://127.0.0.1:3128">127.0.0.1:3128</a><br>hierarchy_stoplist cgi-bin ?<br>cache_mem 4 GB<br>maximum_object_size 32768 KB<br>maximum_object_size_in_memory 200 KB<br>cache_dir aufs /var/cache/squid3 375000 65 256<br>access_log /var/log/squid3/access.log<br>cache_log /var/log/squid3/cache.log<br>cache_store_log none<br>cachemgr_passwd SuperSecretPW all<br>debug_options ALL,1<br>auth_param basic program /usr/lib/squid3/basic_ldap_auth <connection parameters go here><br>auth_param basic children 60<br>auth_param basic realm Campus Proxy Server<br>auth_param basic credentialsttl 2 hours<br>auth_param basic casesensitive off<br>refresh_pattern ^ftp:        1440    20%    10080<br>refresh_pattern ^gopher:    1440    0%    1440<br>refresh_pattern -i (/cgi-bin/|\?) 0    0%    0<br>refresh_pattern .        0    20%    4320<br>quick_abort_min 0 KB<br>quick_abort_max 0 KB<br>forwarded_for truncate<br>follow_x_forwarded_for allow all<br>log_uses_indirect_client on<br>http_reply_access allow all<br>icp_access allow all<br>cache_mgr support@organization.tld<br>store_avg_object_size 20 KB<br>coredump_dir /var/spool/squid3<br>client_persistent_connections on<br>server_persistent_connections on<br>persistent_connection_after_error on<br>visible_hostname gateway.intranet.organization.tld<br>negative_ttl 5 minutes<br>negative_dns_ttl 1 minutes<br>cache_effective_user proxy<br>cache_effective_group proxy<br><br><br></div><div class="gmail_extra">Kind regards,<br></div><div class="gmail_extra">Chris<br></div></div>