
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Aptos;

        panose-1:2 11 0 4 2 2 2 2 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0cm;

        font-size:12.0pt;

        font-family:"Aptos",sans-serif;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

span.EmailStyle19

        {mso-style-type:personal-reply;

        font-family:"Aptos",sans-serif;

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;

        mso-ligatures:none;}

@page WordSection1

        {size:612.0pt 792.0pt;

        margin:72.0pt 72.0pt 72.0pt 72.0pt;}

div.WordSection1

        {page:WordSection1;}

--></style>

</head>

<body lang="EN-GB" link="blue" vlink="purple" style="word-wrap:break-word">

<div class="WordSection1">

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">So, with the below config:<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">https_port 443 accel protocol=HTTPS tls-cert=/usr/local/squid/client.pem tls-key=/usr/local/squid/client.key<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">cache_peer public.server.fqdn parent 443 0 no-query originserver no-digest no-netdb-exchange tls login=PASSTHRU name=myAccel forceddomain=public.server.fqdn<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">acl our_sites dstdomain local.server.fqdn<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">http_access allow our_sites<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">cache_peer_access myAccel allow our_sites<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">cache_peer_access myAccel deny all<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">cache_dir ufs /usr/local/squid/var/cache 100000 16 256<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">cache_mem 500 MB<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">maximum_object_size_in_memory 50000 KB<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">refresh_pattern .               0       20%     4320<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">debug_options 11,2<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">I can see the below in /var/log/squid/cache.log<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">----------<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">2024/07/12 16:49:57.056 kid1| 11,2| http.cc(1263) readReply: conn12 local=client.ip:56670 remote=public.ip.of.public.server:443 FIRSTUP_PARENT FD 14 flags=1: read failure: (0) No

 error.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(273) sendStartOfMessage: HTTP Client conn9 local=client.ip:443 remote=local.server.ip:59158 FD 13 flags=1<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(274) sendStartOfMessage: HTTP Client REPLY:<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">---------<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">HTTP/1.1 502 Bad Gateway<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Server: squid/6.6<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Mime-Version: 1.0<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Date: Fri, 12 Jul 2024 16:49:57 GMT<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Content-Type: text/html;charset=utf-8<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Content-Length: 3629<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">X-Squid-Error: ERR_READ_ERROR 0<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Vary: Accept-Language<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Content-Language: en<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Cache-Status: local.server;detail=mismatch<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Via: 1.1 local.server (squid/6.6)<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Connection: keep-alive<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">----------<o:p></o:p></span></p>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">The apache server still shows a 200 for the request:<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">[12/Jul/2024:17:49:57 +0100] "GET /path/to/file HTTP/1.1" 200 10465 "-" "curl/8.7.1"<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">And this is when testing via:<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">curl -D -

<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a> -H "Authorization: Basic base64auth" -o /dev/null<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">Regards,

<o:p></o:p></span></p>

</div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">Ben.

</span><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<div id="mail-editor-reference-message-container">

<div>

<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">

<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="color:black">From:

</span></b><span style="color:black">Alex Rousskov <rousskov@measurement-factory.com><br>

<b>Date: </b>Friday, 12 July 2024 at 17:36<br>

<b>To: </b>Ben Toms <ben@macmule.com>, squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org><br>

<b>Subject: </b>Re: [squid-users] TCP_MISS_ABORTED/502<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:11.0pt">On 2024-07-12 12:14, Ben Toms wrote:<br>

<br>

> Which log should those be found?<br>

<br>

cache.log (if they are present)<br>

<br>

<br>

> Can’t see “HTTP Server RESPONSE” in the access.log or cache.log.<br>

<br>

Sigh. This is one of the reasons I avoid asking folks to study logs <br>

themselves, even ALL,2 logs...<br>

<br>

If that line is not in cache.log, then child Squid probably did not <br>

receive a response from parent Squid, or could not parse that response. <br>

A full debugging log should give us more information.<br>

<br>

Alex.<br>

<br>

<br>

> *From: *squid-users <squid-users-bounces@lists.squid-cache.org> on <br>

> behalf of Alex Rousskov <rousskov@measurement-factory.com><br>

> *Date: *Friday, 12 July 2024 at 17:11<br>

> *To: *squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org><br>

> *Subject: *Re: [squid-users] TCP_MISS_ABORTED/502<br>

> <br>

> On 2024-07-12 11:38, Ben Toms wrote:<br>

>> Think I made the changes Alex requested:<br>

>> <br>

>> 12/Jul/2024:15:36:31 +0000.640 local.server.ip TCP_MISS_ABORTED/502 3974 <br>

>> GET <a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>

<br>

> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>> -<br>

>> FIRSTUP_PARENT/public.ip.of.public.server text/html <br>

>> ERR_READ_ERROR/WITH_SERVER<br>

> <br>

> Thank you for using Squid v6 for this test.<br>

> <br>

> Unfortunately, due to Squid logging bugs, ERR_READ_ERROR/WITH_SERVER<br>

> does not always mean what it says. For example, parent Squid could have<br>

> closed the child-parent connection prematurely, but there could be other<br>

> reasons. A full debugging log should give us more information.<br>

> <br>

> <br>

>> 2024/07/12 14:57:08.678 kid1| 11,2| Stream.cc(274) sendStartOfMessage: <br>

>> HTTP Client REPLY:<br>

> <br>

> This is a child proxy response to the client. We need parent response to<br>

> the child proxy. Look for "HTTP Server RESPONSE" lines instead.<br>

> <br>

> <br>

> HTH,<br>

> <br>

> Alex.<br>

> <br>

> <br>

> <br>

>> ---------<br>

>> <br>

>> HTTP/1.1 502 Bad Gateway<br>

>> <br>

>> Server: squid/6.6<br>

>> <br>

>> Mime-Version: 1.0<br>

>> <br>

>> Date: Fri, 12 Jul 2024 14:57:08 GMT<br>

>> <br>

>> Content-Type: text/html;charset=utf-8<br>

>> <br>

>> Content-Length: 3629<br>

>> <br>

>> X-Squid-Error: ERR_READ_ERROR 0<br>

>> <br>

>> Vary: Accept-Language<br>

>> <br>

>> Content-Language: en<br>

>> <br>

>> Cache-Status: squid.host;detail=mismatch<br>

>> <br>

>> Via: 1.1 squid.host (squid/6.6)<br>

>> <br>

>> Connection: keep-alive<br>

>> <br>

>> ----------<br>

>> <br>

>> Regards,<br>

>> <br>

>> Ben.<br>

>> <br>

>> *From: *squid-users <squid-users-bounces@lists.squid-cache.org> on <br>

>> behalf of Amos Jeffries <squid3@treenet.co.nz><br>

>> *Date: *Friday, 12 July 2024 at 15:22<br>

>> *To: *squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org><br>

>> *Subject: *Re: [squid-users] TCP_MISS_ABORTED/502<br>

>> <br>

>> <br>

>> On 13/07/24 01:52, Alex Rousskov wrote:<br>

>>> On 2024-07-12 08:06, Ben Toms wrote:<br>

>>>> Seems that my issue is similar to - <br>

>>>> <a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">

https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a> <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>

 <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>><br>

>>> <br>

>>> You are facing up to two problems:<br>

>>> <br>

>>> 1. Some authenticated responses are not cachable by Squid. Please share <br>

>>> HTTP headers of the response in question.<br>

>>> <br>

>> <br>

>> FYI, those can be obtained by configuring squid.conf with<br>

>> <br>

>>     debug_options 11,2<br>

>> <br>

>> <br>

>> Cheers<br>

>> Amos<br>

>> <br>

>> <br>

>>> 2. TCP_MISS_ABORTED/502 errors may delete a being-cached response. These <br>

>>> can be bogus errors (essentially Squid logging bugs) or real ones (e.g., <br>

>>> due to communication bugs, misconfiguration, or compatibility problems). <br>

>>> I recommend adding %err_code/%err_detail to your logformat and sharing <br>

>>> the corresponding access.log lines (obfuscated as needed).<br>

>>> <br>

>>> Sharing (privately if needed) a pointer to compressed ALL,9 cache.log <br>

>>> while reproducing the issue using a single transaction may help us <br>

>>> resolve all the unknowns:<br>

>>> <br>

>>> <a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction">

https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a> <<a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a>>

 <https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction <<a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a>>><br>

>>> <br>

>>> <br>

>>> HTH,<br>

>>> <br>

>>> Alex.<br>

>>> <br>

>>> <br>

>> <br>

>> <br>

>> _______________________________________________<br>

>> squid-users mailing list<br>

>> squid-users@lists.squid-cache.org<br>

>> <a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>

<br>

> <<a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>><br>

>> <https://lists.squid-cache.org/listinfo/squid-users <br>

> <<a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>>><br>

>> <br>

>> <br>

>> _______________________________________________<br>

>> squid-users mailing list<br>

>> squid-users@lists.squid-cache.org<br>

>> <a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>

<br>

> <<a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>><br>

> <br>

> _______________________________________________<br>

> squid-users mailing list<br>

> squid-users@lists.squid-cache.org<br>

> <a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>

<br>

> <<a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>><br>

> <o:p></o:p></span></p>

</div>

</div>

</div>

</div>

</body>

</html>