<div dir="ltr">Thanks for clarification on max-stale, although it is unintentionally ideal for my use-case.<div>Best,</div><div>Robin</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 12 Feb 2024 at 16:06, Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com">rousskov@measurement-factory.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 2024-02-12 10:13, Robin Carlisle wrote:<br>
<br>
> I have been having success so far with the config workaround.. config <br>
> snippet :-<br>
> <br>
> /max_stale 31536000 seconds<br>
> refresh_pattern . 0 20% 4320 max-stale=31536000/<br>
> <br>
> When an object has expired due to max-age and the PC is offline <br>
> (ethernet unplugged), squid attempts an origin refresh and gives me :<br>
> <br>
> /0 ::1 TCP_REFRESH_FAIL_OLD/200 35965 GET <br>
> <a href="https://widgets.api.labs.dev.framestoresignage.com/api/v1/instagram/labs/posts.json" rel="noreferrer" target="_blank">https://widgets.api.labs.dev.framestoresignage.com/api/v1/instagram/labs/posts.json</a> <<a href="https://widgets.api.labs.dev.framestoresignage.com/api/v1/instagram/labs/posts.json" rel="noreferrer" target="_blank">https://widgets.api.labs.dev.framestoresignage.com/api/v1/instagram/labs/posts.json</a>> - HIER_NONE/- application/json/<br>
> <br>
> Previously it had been passing the 502 through to the client application.<br>
<br>
Glad this workaround helps. Just keep in mind that the configuration <br>
snippet above changes max-stale for _all_ responses.<br>
<br>
<br>
> I am continuing to test this - but it looks like I have a working solution.<br>
<br>
Meanwhile, the fix for the underlying Squid bug was officially accepted <br>
and should become a part of v6.8 release (at least).<br>
<br>
<br>
Thank you,<br>
<br>
Alex.<br>
<br>
<br>
> On Fri, 9 Feb 2024 at 14:31, Alex Rousskov wrote:<br>
> <br>
> On 2024-02-09 08:53, Robin Carlisle wrote:<br>
> <br>
> > I am trying the config workaround approach.<br>
> <br>
> Please keep us posted on your progress.<br>
> <br>
> > Below is the config snippet I have added. I made the<br>
> > assumption that for the /refresh_pattern, max-stale=NN /config,<br>
> the NN<br>
> > is in minutes as per the rest of that config directive.<br>
> <br>
> That assumption is natural but incorrect: Unlike the anonymous<br>
> positional min and max parameters (that use minutes), refresh_pattern<br>
> max-stale=NN uses seconds. Documentation improvements are welcome.<br>
> <br>
> Said that, the workaround should still prevent the application of the<br>
> broken default refresh_pattern max-stale=0 rule, so you should still<br>
> see<br>
> positive results for the first NN seconds of the response age.<br>
> <br>
> Instead of specifying max-stale=NN, consider adding refresh_pattern<br>
> rules recommended by squid.conf.documented (and included in<br>
> squid.cond.default). Those rules do not have max-stale options at all,<br>
> and, hence, Squid will use (explicit or default) max_stale directive<br>
> instead.<br>
> <br>
> HTH,<br>
> <br>
> Alex.<br>
> <br>
> <br>
> > I am testing this right now<br>
> ><br>
> > # this should allow stale objects up to 1 year if allowed by<br>
> > Cache-Control repsonseheaders ...<br>
> ><br>
> > # ... setting both options just in case<br>
> ><br>
> > max_stale 525600 minutes<br>
> ><br>
> > refresh_pattern . 0 20% 4320 max-stale=525600<br>
> ><br>
> ><br>
> > Thanks again for your help<br>
> ><br>
> ><br>
> > Robin<br>
> ><br>
> ><br>
> ><br>
> ><br>
> > On Thu, 8 Feb 2024 at 17:42, Alex Rousskov<br>
> > <<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a><br>
> <mailto:<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>><br>
> > <mailto:<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a><br>
> <mailto:<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>>>> wrote:<br>
> ><br>
> > Hi Robin,<br>
> ><br>
> > AFAICT from the logs you have privately shared and your<br>
> > squid.conf<br>
> > that you have posted earlier, your Squid overwrites<br>
> > stale-if-error=31536000 in the response with "refresh_pattern<br>
> > max-stale=0" default. That 0 value is wrong. The correct value<br>
> > should be<br>
> > taken from max_stale directive that defaults to 1 week, not zero:<br>
> ><br>
> > refresh_pattern<br>
> > ...<br>
> > max-stale=NN provide a maximum staleness factor. Squid<br>
> won't<br>
> > serve objects more stale than this even if it failed to<br>
> > validate the object. Default: use the max_stale global<br>
> limit.<br>
> ><br>
> > This wrong default is a Squid bug AFAICT. I posted an<br>
> _untested_ fix as<br>
> > Squid PR 1664: <a href="https://github.com/squid-cache/squid/pull/1664" rel="noreferrer" target="_blank">https://github.com/squid-cache/squid/pull/1664</a><br>
> <<a href="https://github.com/squid-cache/squid/pull/1664" rel="noreferrer" target="_blank">https://github.com/squid-cache/squid/pull/1664</a>><br>
> > <<a href="https://github.com/squid-cache/squid/pull/1664" rel="noreferrer" target="_blank">https://github.com/squid-cache/squid/pull/1664</a><br>
> <<a href="https://github.com/squid-cache/squid/pull/1664" rel="noreferrer" target="_blank">https://github.com/squid-cache/squid/pull/1664</a>>><br>
> ><br>
> > If possible, please test the corresponding patch:<br>
> ><br>
> <a href="https://github.com/squid-cache/squid/commit/571973589b5a46d458311f8b60dcb83032fd5cec.patch" rel="noreferrer" target="_blank">https://github.com/squid-cache/squid/commit/571973589b5a46d458311f8b60dcb83032fd5cec.patch</a> <<a href="https://github.com/squid-cache/squid/commit/571973589b5a46d458311f8b60dcb83032fd5cec.patch" rel="noreferrer" target="_blank">https://github.com/squid-cache/squid/commit/571973589b5a46d458311f8b60dcb83032fd5cec.patch</a>> <<a href="https://github.com/squid-cache/squid/commit/571973589b5a46d458311f8b60dcb83032fd5cec.patch" rel="noreferrer" target="_blank">https://github.com/squid-cache/squid/commit/571973589b5a46d458311f8b60dcb83032fd5cec.patch</a> <<a href="https://github.com/squid-cache/squid/commit/571973589b5a46d458311f8b60dcb83032fd5cec.patch" rel="noreferrer" target="_blank">https://github.com/squid-cache/squid/commit/571973589b5a46d458311f8b60dcb83032fd5cec.patch</a>>><br>
> ><br>
> > AFAICT, you can also work around that bug by configuring an<br>
> explicit<br>
> > refresh_pattern rule with an explicit max-stale option (see<br>
> > squid.conf.documented for examples). I have not tested that<br>
> theory<br>
> > either.<br>
> ><br>
> ><br>
> > HTH,<br>
> ><br>
> > Alex.<br>
> ><br>
> ><br>
> > On 2024-02-07 13:45, Robin Carlisle wrote:<br>
> > > Hi,<br>
> > ><br>
> > > I have just started my enhanced logging journey and have a<br>
> small<br>
> > snippet<br>
> > > below that might illuminate the issue ...<br>
> > ><br>
> > > /2024/02/07 17:06:39.212 kid1| 88,3| client_side_reply.cc(507)<br>
> > > handleIMSReply: origin replied with error 502, forwarding to<br>
> > client due<br>
> > > to fail_on_validation_err/<br>
> > ><br>
> > > A few lines below in the log it looks like squid sent :-<br>
> > ><br>
> > > /2024/02/07 17:06:39.212 kid1| 11,2| Stream.cc(280)<br>
> > sendStartOfMessage:<br>
> > > HTTP Client REPLY:<br>
> > > ---------<br>
> > > HTTP/1.1 502 Bad Gateway<br>
> > > Server: squid/5.7<br>
> > > Mime-Version: 1.0<br>
> > > Date: Wed, 07 Feb 2024 17:06:39 GMT<br>
> > > Content-Type: text/html;charset=utf-8<br>
> > > Content-Length: 3853<br>
> > > X-Squid-Error: ERR_READ_ERROR 0<br>
> > > Vary: Accept-Language<br>
> > > Content-Language: en<br>
> > > X-Cache: MISS from labs-maul-st-15<br>
> > > X-Cache-Lookup: HIT from labs-maul-st-15:3129<br>
> > > Via: 1.1 labs-maul-st-15 (squid/5.7)<br>
> > > Connection: close/<br>
> > ><br>
> > ><br>
> > > The rest of the logs are quite large and contain URLs I<br>
> cannot put<br>
> > > here. The logs were generated with debug_options to ALL,3.<br>
> > ><br>
> > > Any ideas? Or should I generate more detailed logs and<br>
> send them<br>
> > > privately?<br>
> > ><br>
> > > Thanks again,<br>
> > ><br>
> > > Robin<br>
> > ><br>
> > ><br>
> > ><br>
> > ><br>
> > > On Fri, 2 Feb 2024 at 11:20, Robin Carlisle<br>
> > > <<a href="mailto:robin.carlisle@framestore.com" target="_blank">robin.carlisle@framestore.com</a><br>
> <mailto:<a href="mailto:robin.carlisle@framestore.com" target="_blank">robin.carlisle@framestore.com</a>><br>
> > <mailto:<a href="mailto:robin.carlisle@framestore.com" target="_blank">robin.carlisle@framestore.com</a><br>
> <mailto:<a href="mailto:robin.carlisle@framestore.com" target="_blank">robin.carlisle@framestore.com</a>>><br>
> > <mailto:<a href="mailto:robin.carlisle@framestore.com" target="_blank">robin.carlisle@framestore.com</a><br>
> <mailto:<a href="mailto:robin.carlisle@framestore.com" target="_blank">robin.carlisle@framestore.com</a>><br>
> > <mailto:<a href="mailto:robin.carlisle@framestore.com" target="_blank">robin.carlisle@framestore.com</a><br>
> <mailto:<a href="mailto:robin.carlisle@framestore.com" target="_blank">robin.carlisle@framestore.com</a>>>>><br>
> > > wrote:<br>
> > ><br>
> > > Hi, thanks for your reply.<br>
> > ><br>
> > > I have been looking at :<br>
> > ><br>
> ><br>
> <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control" rel="noreferrer" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control</a> <<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control" rel="noreferrer" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control</a>> <<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control" rel="noreferrer" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control</a> <<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control" rel="noreferrer" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control</a>>> <<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control" rel="noreferrer" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control</a> <<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control" rel="noreferrer" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control</a>> <<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control" rel="noreferrer" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control</a> <<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control" rel="noreferrer" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control</a>>>><br>
> > ><br>
> > > /The stale-if-error response directive indicates that the<br>
> > cache can<br>
> > > reuse a stale response when an upstream server<br>
> generates an<br>
> > error,<br>
> > > or when the error is generated locally. Here, an error is<br>
> > considered<br>
> > > any response with a status code of 500, 502, 503, or 504.<br>
> > ><br>
> > > Cache-Control: max-age=604800, stale-if-error=86400<br>
> > > In the example above, the response is fresh for 7 days<br>
> (604800s).<br>
> > > Afterwards, it becomes stale, but can be used for an<br>
> extra 1 day<br>
> > > (86400s) when an error is encountered.<br>
> > ><br>
> > > After the stale-if-error period passes, the client will<br>
> > receive any<br>
> > > error generated/<br>
> > ><br>
> > > Given what you have said and what the above docs say -<br>
> I am still<br>
> > > confused as it looks like (in my test cases) the cached<br>
> > response can<br>
> > > be used for 3600 secs (this works), after which the cached<br>
> > response<br>
> > > can still be used for an additional 31536000 seconds<br>
> on an error<br>
> > > (this doesnt work).<br>
> > ><br>
> > > I am going to dig into the error logging you suggested<br>
> to see<br>
> > if I<br>
> > > can make sense of that - and will send on if I can't.<br>
> > ><br>
> > > Thanks v much for your help again,<br>
> > ><br>
> > > Robin<br>
> > ><br>
> > ><br>
> > ><br>
> > ><br>
> > ><br>
> > > On Thu, 1 Feb 2024 at 18:27, Alex Rousskov<br>
> > > <<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a><br>
> <mailto:<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>><br>
> > <mailto:<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a><br>
> <mailto:<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>>><br>
> > > <mailto:<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a><br>
> <mailto:<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>><br>
> > <mailto:<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a><br>
> <mailto:<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>>>>> wrote:<br>
> > ><br>
> > > On 2024-02-01 12:03, Robin Carlisle wrote:<br>
> > > > Hi, I am having trouble with stale-if-error<br>
> response.<br>
> > ><br>
> > > If I am interpreting Squid code correctly, in<br>
> primary use<br>
> > cases:<br>
> > ><br>
> > > * without a Cache-Control:stale-if-error=X in the<br>
> original<br>
> > > response,<br>
> > > Squid sends a stale object if revalidation results<br>
> in a<br>
> > 5xx error;<br>
> > ><br>
> > > * with a Cache-Control:stale-if-error=X and object<br>
> age at<br>
> > most<br>
> > > X, Squid<br>
> > > sends a stale object if revalidation results in a<br>
> 5xx error;<br>
> > ><br>
> > > * with a Cache-Control:stale-if-error=X and object age<br>
> > exceeding X,<br>
> > > Squid forwards the 5xx error response if revalidation<br>
> > results in<br>
> > > a 5xx<br>
> > > error;<br>
> > ><br>
> > > In other words, stale-if-error=X turns on a "fail on<br>
> > validation<br>
> > > errors"<br>
> > > behavior for stale objects older than X. It has no<br>
> other<br>
> > effects.<br>
> > ><br>
> > > In your test case, the stale objects are much<br>
> younger than<br>
> > > stale-if-error value (e.g., Age~=3601 vs.<br>
> > stale-if-error=31536000).<br>
> > > Thus, stale-if-error should have no relevant effect.<br>
> > ><br>
> > > Something else is probably preventing your Squid<br>
> from serving<br>
> > > the stale<br>
> > > response when facing a 5xx error. I do not know<br>
> what that<br>
> > > something is.<br>
> > ><br>
> > > I recommend sharing (privately if you need to protect<br>
> > sensitive<br>
> > > info) a<br>
> > > pointer to a compressed ALL,9 cache.log collected<br>
> while<br>
> > > reproducing the<br>
> > > problem (using two transactions similar to the<br>
> ones you<br>
> > have shared<br>
> > > below -- a successful stale hit and a problematic<br>
> one):<br>
> > ><br>
> ><br>
> <a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction" rel="noreferrer" target="_blank">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a> <<a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction" rel="noreferrer" target="_blank">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a>> <<a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction" rel="noreferrer" target="_blank">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a> <<a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction" rel="noreferrer" target="_blank">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a>>> <<a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction" rel="noreferrer" target="_blank">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a> <<a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction" rel="noreferrer" target="_blank">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a>> <<a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction" rel="noreferrer" target="_blank">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a> <<a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction" rel="noreferrer" target="_blank">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a>>>><br>
> > ><br>
> > > Alternatively, you can try to study cache.log<br>
> yourself after<br>
> > > setting<br>
> > > debug_options to ALL,3. Searching for "refresh" and<br>
> > > "handleIMSReply" may<br>
> > > yield enough clues.<br>
> > ><br>
> > ><br>
> > > HTH,<br>
> > ><br>
> > > Alex.<br>
> > ><br>
> > ><br>
> > ><br>
> > ><br>
> > > > # /etc/squid/squid.conf :<br>
> > > ><br>
> > > > acl to_aws dstdomain .<a href="http://amazonaws.com" rel="noreferrer" target="_blank">amazonaws.com</a><br>
> <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a>><br>
> > <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a> <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a>>><br>
> <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a> <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a>> <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a><br>
> <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a>>>><br>
> > > <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a> <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a>><br>
> <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a> <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a>>><br>
> > <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a> <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a>><br>
> <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a> <<a href="http://amazonaws.com" rel="noreferrer" target="_blank">http://amazonaws.com</a>>>>><br>
> > > ><br>
> > > > acl from_local src localhost<br>
> > > ><br>
> > > > http_access allow to_aws<br>
> > > ><br>
> > > > http_access allow from_local<br>
> > > ><br>
> > > > cache allow all<br>
> > > ><br>
> > > > cache_dir ufs /var/cache/squid 1024 16 256<br>
> > > ><br>
> > > > http_port 3129 ssl-bump cert=/etc/squid/maul.pem<br>
> > > > generate-host-certificates=on<br>
> > dynamic_cert_mem_cache_size=4MB<br>
> > > ><br>
> > > > sslcrtd_program<br>
> /usr/lib/squid/security_file_certgen -s<br>
> > > > /var/lib/squid/ssl_db -M 4MB<br>
> > > ><br>
> > > > acl step1 at_step SslBump1<br>
> > > ><br>
> > > > ssl_bump bump step1<br>
> > > ><br>
> > > > ssl_bump bump all<br>
> > > ><br>
> > > > sslproxy_cert_error deny all<br>
> > > ><br>
> > > > cache_store_log stdio:/var/log/squid/store.log<br>
> > > ><br>
> > > > logfile_rotate 0<br>
> > > ><br>
> > > > shutdown_lifetime 3 seconds<br>
> > > ><br>
> > > ><br>
> > > > # /usr/bin/proxy-test :<br>
> > > ><br>
> > > > #!/bin/bash<br>
> > > ><br>
> > > > curl --proxy <a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a><br>
> <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a>><br>
> > <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a> <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a>>><br>
> <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a> <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a>><br>
> <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a> <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a>>>><br>
> > > <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a> <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a>><br>
> <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a> <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a>>><br>
> > <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a> <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a>><br>
> <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a> <<a href="http://localhost:3129" rel="noreferrer" target="_blank">http://localhost:3129</a>>>>> \<br>
> > > ><br>
> > > > --cacert /etc/squid/stuff.pem \<br>
> > > ><br>
> > > > -v<br>
> > "<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a>><br>
> > <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a>>><br>
> > > <br>
> <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a>><br>
> > <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a>>>><br>
> > > ><br>
> <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a>><br>
> > <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a>>><br>
> > > <br>
> <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a>><br>
> > <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/api/v1/stuff/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/api/v1/stuff/stuff.json</a>>>>>" \<br>
> > > ><br>
> > > > -H "Authorization: token MYTOKEN" \<br>
> > > ><br>
> > > > -H "Content-Type: application/json" \<br>
> > > ><br>
> > > > --output "/tmp/stuff.json"<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > Tests ..........<br>
> > > ><br>
> > > ><br>
> > > > At this point in time the network cable is<br>
> > unattached. Squid<br>
> > > returns<br>
> > > > the cached object it got when the network was<br>
> online<br>
> > earlier.<br>
> > > The Age of<br>
> > > > this object is just still under the max_age of<br>
> 3600.<br>
> > > Previously I<br>
> > > > was using offline_mode but I found that it did<br>
> not try to<br>
> > > revalidate<br>
> > > > from the origin after the object expired<br>
> (defined via<br>
> > max-age<br>
> > > response).<br>
> > > > My understanding is that stale-if-error<br>
> should work<br>
> > under my<br>
> > > > circumstances.<br>
> > > ><br>
> > > ><br>
> > > > # /var/log/squid/access.log<br>
> > > ><br>
> > > > 1706799404.440 6 127.0.0.1 NONE_NONE/200 0<br>
> CONNECT<br>
> > > > <a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>><br>
> > <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>>> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>><br>
> > <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>>>><br>
> > > <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>><br>
> > <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>>><br>
> > > <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>><br>
> > <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>>>>> - HIER_NONE/- -<br>
> > > ><br>
> > > > 1706799404.440 0 127.0.0.1 TCP_MEM_HIT/200<br>
> 20726 GET<br>
> > > > <a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>><br>
> > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>>><br>
> > > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>><br>
> > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>>>><br>
> > > > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>><br>
> > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>>><br>
> > > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>><br>
> > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>>>>> - HIER_NONE/-<br>
> > > application/json<br>
> > > ><br>
> > > ><br>
> > > > # extract from /usr/bin/proxy-test<br>
> > > ><br>
> > > > < HTTP/1.1 200 OK<br>
> > > ><br>
> > > > < Date: Thu, 01 Feb 2024 13:57:11 GMT<br>
> > > ><br>
> > > > < Content-Type: application/json<br>
> > > ><br>
> > > > < Content-Length: 20134<br>
> > > ><br>
> > > > < x-amzn-RequestId:<br>
> 3a2d3b26-df73-4b30-88cb-1a9268fa0df2<br>
> > > ><br>
> > > > < Last-Modified: 2024-02-01T13:00:45.000Z<br>
> > > ><br>
> > > > < Access-Control-Allow-Origin: *<br>
> > > ><br>
> > > > < x-amz-apigw-id: SdZwpG7qiYcERUQ=<br>
> > > ><br>
> > > > < Cache-Control: public, max-age=3600,<br>
> > stale-if-error=31536000<br>
> > > ><br>
> > > > < ETag: "cec102b43372840737ab773c2e77858b"<br>
> > > ><br>
> > > > < X-Amzn-Trace-Id:<br>
> > Root=1-65bba337-292be751134161b03555cdd6<br>
> > > ><br>
> > > > < Age: 3573<br>
> > > ><br>
> > > > < X-Cache: HIT from labs-maul-st-31<br>
> > > ><br>
> > > > < X-Cache-Lookup: HIT from labs-maul-st-31:3129<br>
> > > ><br>
> > > > < Via: 1.1 labs-maul-st-31 (squid/5.7)<br>
> > > ><br>
> > > > < Connection: keep-alive<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > Below .. the curl script executes again. The<br>
> Age has gone<br>
> > > over the<br>
> > > > max-age so squid attempted to refresh from the<br>
> > origin. The<br>
> > > machine is<br>
> > > > still offline so the refresh failed. I<br>
> expected that the<br>
> > > > stale-if-error response would instruct squid to<br>
> return the<br>
> > > cached object<br>
> > > > as a 200.<br>
> > > ><br>
> > > ><br>
> > > > # /var/log/squid/access.log<br>
> > > ><br>
> > > > 1706799434.464 5 127.0.0.1 NONE_NONE/200 0<br>
> CONNECT<br>
> > > > <a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>><br>
> > <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>>> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>><br>
> > <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>>>><br>
> > > <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>><br>
> > <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>>><br>
> > > <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>><br>
> > <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a><br>
> <<a href="http://stuff.amazonaws.com:443" rel="noreferrer" target="_blank">http://stuff.amazonaws.com:443</a>>>>> - HIER_NONE/- -<br>
> > > ><br>
> > > > 1706799434.464 0 127.0.0.1<br>
> > TCP_REFRESH_FAIL_ERR/502 4235<br>
> > > GET<br>
> > > > <a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>><br>
> > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>>><br>
> > > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>><br>
> > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>>>><br>
> > > > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>><br>
> > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>>><br>
> > > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>><br>
> > <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a><br>
> <<a href="https://stuff.amazonaws.com/stuff.json" rel="noreferrer" target="_blank">https://stuff.amazonaws.com/stuff.json</a>>>>> - HIER_NONE/- text/html<br>
> > > ><br>
> > > ><br>
> > > > # extract from /usr/bin/proxy-test<br>
> > > ><br>
> > > > < HTTP/1.1 502 Bad Gateway<br>
> > > ><br>
> > > > < Server: squid/5.7<br>
> > > ><br>
> > > > < Mime-Version: 1.0<br>
> > > ><br>
> > > > < Date: Thu, 01 Feb 2024 14:57:14 GMT<br>
> > > ><br>
> > > > < Content-Type: text/html;charset=utf-8<br>
> > > ><br>
> > > > < Content-Length: 3853<br>
> > > ><br>
> > > > < X-Squid-Error: ERR_READ_ERROR 0<br>
> > > ><br>
> > > > < Vary: Accept-Language<br>
> > > ><br>
> > > > < Content-Language: en<br>
> > > ><br>
> > > > < X-Cache: MISS from labs-maul-st-31<br>
> > > ><br>
> > > > < X-Cache-Lookup: HIT from labs-maul-st-31:3129<br>
> > > ><br>
> > > > < Via: 1.1 labs-maul-st-31 (squid/5.7)<br>
> > > ><br>
> > > > < Connection: close<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > Hope someone can help me with this. All the best,<br>
> > > ><br>
> > > ><br>
> > > > Robin Carlisle<br>
> <br>
<br>
</blockquote></div>