<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;
panose-1:2 11 0 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-GB" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">To test, I changed the parent url to my blog.. and was able to download an item there via squid-cache.. so the issue seems to be when downloading from a parent which requires authentication.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">Regards,
<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">Ben.
</span><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div id="mail-editor-reference-message-container">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="color:black">From:
</span></b><span style="color:black">Ben Toms <ben@macmule.com><br>
<b>Date: </b>Friday, 12 July 2024 at 10:29<br>
<b>To: </b>squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org><br>
<b>Subject: </b>TCP_MISS_ABORTED/502<o:p></o:p></span></p>
</div>
<div>
<div id="mail-editor-reference-message-container">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Hi Amos,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">I made the changes suggested, biut still getting TCP_MISS_ABORTED/502.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The test I’m performing is via a simple curl:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">curl <a href="https://local.server.fqdn/some/file/path">
https://local.server.fqdn/some/file/path</a> -H "Authorization: Basic base64_auth" -o ~/Downloads/test</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The Apache logs for the parent (<span style="color:#212121">public.server.fqdn), show:</span></span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#212121"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">[12/Jul/2024:10:16:09 +0100] "GET /some/file/path HTTP/1.1" 200 10465 "-" "curl/8.7.1"</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">So, Apache on the parent is responding with a 200.. and if I mess around with the curl commands base64_auth I get 401’s as expected in the parents Apache logs.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">However, squids access.log still shows:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">1720775769.417 49 192.168.0.156 TCP_MISS_ABORTED/502 3974 GET
<a href="https://local.server.fqdn/some/file/path">https://local.server.fqdn/some/file/path</a> - FIRSTUP_PARENT/public.ip.of.public.server text/html</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Squid.conf is now:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">https_port 443 accel protocol=HTTPS tls-cert=/usr/local/squid/client.pem tls-key=/usr/local/squid/client.key</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">cache_peer public.server.fqdn parent 443 0 no-query originserver no-digest no-netdb-exchange tls login=PASSTHRU name=myAccel forceddomain=uk-dist-a.datajar.mobi</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">acl our_sites dstdomain local.server.fqdn</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">http_access allow our_sites</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">cache_peer_access myAccel allow our_sites</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">cache_peer_access myAccel deny all</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">refresh_pattern -i public.server.fqdn/* 3600 80% 14400</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">cache_dir ufs /usr/local/squid/var/cache 100000 16 256</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The file I’m attempting to cache with the above curl command is 6.5kb only.. have tried others to no avail.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">It seems like squid doesn’t want to cache, and it’s not advising the client to wait as it caches.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>