<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;
panose-1:2 11 0 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-GB" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">So, with the below config:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">https_port 443 accel protocol=HTTPS tls-cert=/usr/local/squid/client.pem tls-key=/usr/local/squid/client.key<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">cache_peer public.server.fqdn parent 443 0 no-query originserver no-digest no-netdb-exchange tls login=PASSTHRU name=myAccel forceddomain=public.server.fqdn<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">acl our_sites dstdomain local.server.fqdn<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">http_access allow our_sites<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">cache_peer_access myAccel allow our_sites<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">cache_peer_access myAccel deny all<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">cache_dir ufs /usr/local/squid/var/cache 100000 16 256<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">cache_mem 500 MB<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">maximum_object_size_in_memory 50000 KB<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">refresh_pattern . 0 20% 4320<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">debug_options 11,2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">I can see the below in /var/log/squid/cache.log<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">----------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">2024/07/12 16:49:57.056 kid1| 11,2| http.cc(1263) readReply: conn12 local=client.ip:56670 remote=public.ip.of.public.server:443 FIRSTUP_PARENT FD 14 flags=1: read failure: (0) No
error.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(273) sendStartOfMessage: HTTP Client conn9 local=client.ip:443 remote=local.server.ip:59158 FD 13 flags=1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(274) sendStartOfMessage: HTTP Client REPLY:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">---------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">HTTP/1.1 502 Bad Gateway<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Server: squid/6.6<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Mime-Version: 1.0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Date: Fri, 12 Jul 2024 16:49:57 GMT<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Content-Type: text/html;charset=utf-8<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Content-Length: 3629<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">X-Squid-Error: ERR_READ_ERROR 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Vary: Accept-Language<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Content-Language: en<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Cache-Status: local.server;detail=mismatch<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Via: 1.1 local.server (squid/6.6)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Connection: keep-alive<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">----------<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">The apache server still shows a 200 for the request:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">[12/Jul/2024:17:49:57 +0100] "GET /path/to/file HTTP/1.1" 200 10465 "-" "curl/8.7.1"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">And this is when testing via:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">curl -D -
<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a> -H "Authorization: Basic base64auth" -o /dev/null<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">Regards,
<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">Ben.
</span><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div id="mail-editor-reference-message-container">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="color:black">From:
</span></b><span style="color:black">Alex Rousskov <rousskov@measurement-factory.com><br>
<b>Date: </b>Friday, 12 July 2024 at 17:36<br>
<b>To: </b>Ben Toms <ben@macmule.com>, squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org><br>
<b>Subject: </b>Re: [squid-users] TCP_MISS_ABORTED/502<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:11.0pt">On 2024-07-12 12:14, Ben Toms wrote:<br>
<br>
> Which log should those be found?<br>
<br>
cache.log (if they are present)<br>
<br>
<br>
> Can’t see “HTTP Server RESPONSE” in the access.log or cache.log.<br>
<br>
Sigh. This is one of the reasons I avoid asking folks to study logs <br>
themselves, even ALL,2 logs...<br>
<br>
If that line is not in cache.log, then child Squid probably did not <br>
receive a response from parent Squid, or could not parse that response. <br>
A full debugging log should give us more information.<br>
<br>
Alex.<br>
<br>
<br>
> *From: *squid-users <squid-users-bounces@lists.squid-cache.org> on <br>
> behalf of Alex Rousskov <rousskov@measurement-factory.com><br>
> *Date: *Friday, 12 July 2024 at 17:11<br>
> *To: *squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org><br>
> *Subject: *Re: [squid-users] TCP_MISS_ABORTED/502<br>
> <br>
> On 2024-07-12 11:38, Ben Toms wrote:<br>
>> Think I made the changes Alex requested:<br>
>> <br>
>> 12/Jul/2024:15:36:31 +0000.640 local.server.ip TCP_MISS_ABORTED/502 3974 <br>
>> GET <a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>
<br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>> -<br>
>> FIRSTUP_PARENT/public.ip.of.public.server text/html <br>
>> ERR_READ_ERROR/WITH_SERVER<br>
> <br>
> Thank you for using Squid v6 for this test.<br>
> <br>
> Unfortunately, due to Squid logging bugs, ERR_READ_ERROR/WITH_SERVER<br>
> does not always mean what it says. For example, parent Squid could have<br>
> closed the child-parent connection prematurely, but there could be other<br>
> reasons. A full debugging log should give us more information.<br>
> <br>
> <br>
>> 2024/07/12 14:57:08.678 kid1| 11,2| Stream.cc(274) sendStartOfMessage: <br>
>> HTTP Client REPLY:<br>
> <br>
> This is a child proxy response to the client. We need parent response to<br>
> the child proxy. Look for "HTTP Server RESPONSE" lines instead.<br>
> <br>
> <br>
> HTH,<br>
> <br>
> Alex.<br>
> <br>
> <br>
> <br>
>> ---------<br>
>> <br>
>> HTTP/1.1 502 Bad Gateway<br>
>> <br>
>> Server: squid/6.6<br>
>> <br>
>> Mime-Version: 1.0<br>
>> <br>
>> Date: Fri, 12 Jul 2024 14:57:08 GMT<br>
>> <br>
>> Content-Type: text/html;charset=utf-8<br>
>> <br>
>> Content-Length: 3629<br>
>> <br>
>> X-Squid-Error: ERR_READ_ERROR 0<br>
>> <br>
>> Vary: Accept-Language<br>
>> <br>
>> Content-Language: en<br>
>> <br>
>> Cache-Status: squid.host;detail=mismatch<br>
>> <br>
>> Via: 1.1 squid.host (squid/6.6)<br>
>> <br>
>> Connection: keep-alive<br>
>> <br>
>> ----------<br>
>> <br>
>> Regards,<br>
>> <br>
>> Ben.<br>
>> <br>
>> *From: *squid-users <squid-users-bounces@lists.squid-cache.org> on <br>
>> behalf of Amos Jeffries <squid3@treenet.co.nz><br>
>> *Date: *Friday, 12 July 2024 at 15:22<br>
>> *To: *squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org><br>
>> *Subject: *Re: [squid-users] TCP_MISS_ABORTED/502<br>
>> <br>
>> <br>
>> On 13/07/24 01:52, Alex Rousskov wrote:<br>
>>> On 2024-07-12 08:06, Ben Toms wrote:<br>
>>>> Seems that my issue is similar to - <br>
>>>> <a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">
https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a> <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>><br>
>>> <br>
>>> You are facing up to two problems:<br>
>>> <br>
>>> 1. Some authenticated responses are not cachable by Squid. Please share <br>
>>> HTTP headers of the response in question.<br>
>>> <br>
>> <br>
>> FYI, those can be obtained by configuring squid.conf with<br>
>> <br>
>> debug_options 11,2<br>
>> <br>
>> <br>
>> Cheers<br>
>> Amos<br>
>> <br>
>> <br>
>>> 2. TCP_MISS_ABORTED/502 errors may delete a being-cached response. These <br>
>>> can be bogus errors (essentially Squid logging bugs) or real ones (e.g., <br>
>>> due to communication bugs, misconfiguration, or compatibility problems). <br>
>>> I recommend adding %err_code/%err_detail to your logformat and sharing <br>
>>> the corresponding access.log lines (obfuscated as needed).<br>
>>> <br>
>>> Sharing (privately if needed) a pointer to compressed ALL,9 cache.log <br>
>>> while reproducing the issue using a single transaction may help us <br>
>>> resolve all the unknowns:<br>
>>> <br>
>>> <a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction">
https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a> <<a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a>>
<https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction <<a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a>>><br>
>>> <br>
>>> <br>
>>> HTH,<br>
>>> <br>
>>> Alex.<br>
>>> <br>
>>> <br>
>> <br>
>> <br>
>> _______________________________________________<br>
>> squid-users mailing list<br>
>> squid-users@lists.squid-cache.org<br>
>> <a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>
<br>
> <<a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>><br>
>> <https://lists.squid-cache.org/listinfo/squid-users <br>
> <<a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>>><br>
>> <br>
>> <br>
>> _______________________________________________<br>
>> squid-users mailing list<br>
>> squid-users@lists.squid-cache.org<br>
>> <a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>
<br>
> <<a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>><br>
> <br>
> _______________________________________________<br>
> squid-users mailing list<br>
> squid-users@lists.squid-cache.org<br>
> <a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>
<br>
> <<a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>><br>
> <o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</body>
</html>