<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;
panose-1:2 11 0 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-GB" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Thanks, Alex.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">Nothing jumps out in the logs when set to ALL, 9.. redacted snippet below:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.072 kid1| 11,5| http.cc(1181) readReply: conn12 local=squid.cache.ip:57824 remote=origin.server.ip:443 FIRSTUP_PARENT
FD 14 flags=1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.072 kid1| 11,7| http.cc(1674) canBufferMoreReplyBytes: yes, may read up to 65536 into 0/23<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.072 kid1| 24,8| SBuf.cc(880) cow: SBuf5269 new size:65536<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.072 kid1| 24,8| SBuf.cc(847) reAlloc: SBuf5269 new size: 65536<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.072 kid1| 24,9| MemBlob.cc(54) MemBlob: constructed, this=0x568b12912270 id=blob1461 reserveSize=65536<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 24,8| MemBlob.cc(99) memAlloc: blob1461 memAlloc: requested=65536, received=65536<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 24,7| SBuf.cc(859) reAlloc: SBuf5269 new store capacity: 65536<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 11,7| http.cc(1694) maybeMakeSpaceAvailable: may read up to 65536 bytes info buffer (0/65536) from conn12
local=squid.cache.ip:57824 remote=origin.server.ip:443 FIRSTUP_PARENT FD 14 flags=1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 45,9| cbdata.cc(228) cbdataInternalLock: 0x568b1291d588=9<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 24,7| SBuf.cc(160) rawSpace: reserving 65536 for SBuf5269<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 24,7| SBuf.cc(167) rawSpace: SBuf5269 not growing<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 24,8| SBuf.cc(139) rawAppendStart: SBuf5269 start appending up to 65536 bytes<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 83,3| Session.cc(36) tls_read_method: started for session=0x568b1290d5e0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 5,3| Read.cc(93) ReadNow: conn12 local=squid.cache.ip:57824 remote=origin.server.ip:443 FIRSTUP_PARENT
FD 14 flags=1, size 65536, retval -28, errno 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 5,3| Read.cc(107) ReadNow: conn12 local=squid.cache.ip:57824 remote=origin.server.ip:443 FIRSTUP_PARENT
FD 14 flags=1 Comm::COMM_ERROR: (0) No error.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 11,2| http.cc(1263) readReply: conn12 local=squid.cache.ip:57824 remote=origin.server.ip:443 FIRSTUP_PARENT
FD 14 flags=1: read failure: (0) No error.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 45,9| cbdata.cc(168) cbdataInternalAlloc: Allocating 0x568b1291cc18<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 24,8| SBuf.cc(30) SBuf: SBuf5291 created<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">2024/07/16 09:13:18.073 kid1| 17,3| FwdState.cc(471) fail: ERR_READ_ERROR "Bad Gateway"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">
<a href="https://origin.server.fqdn/path/to/file">https://origin.server.fqdn/path/to/file</a></span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:EN-US">As we’re sadly not progressing.. I think we’ll pivot to building our own thing to more closely match our requirements.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:EN-US">Thanks to yourself and Amos for responding.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">Regards,
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">Ben.
</span><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div id="mail-editor-reference-message-container">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="color:black">From:
</span></b><span style="color:black">squid-users <squid-users-bounces@lists.squid-cache.org> on behalf of Alex Rousskov <rousskov@measurement-factory.com><br>
<b>Date: </b>Monday, 15 July 2024 at 19:38<br>
<b>To: </b>squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org><br>
<b>Subject: </b>Re: [squid-users] TCP_MISS_ABORTED/502<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">On 2024-07-13 16:02, Ben Toms wrote:<br>
<br>
> with debug_options ALL,4 set.. the cache.log shows:<br>
<br>
> 2024/07/13 18:55:03.595 kid1| 5,3| Read.cc(93) ReadNow: conn17 <br>
> local=squid.cache.ip:37046 remote=origin.server.ip:443 FIRSTUP_PARENT FD <br>
> 14 flags=1, size 65536, retval -28, errno 0<br>
<br>
> 2024/07/13 18:55:03.595 kid1| 17,3| FwdState.cc(471) fail: <br>
> ERR_READ_ERROR "Bad Gateway"<br>
<br>
<br>
> Still need to dig in more.. but the true error seems to be: <br>
> ERR_READ_ERROR "Bad Gateway"<br>
<br>
AFAICT, the underlying error happens a bit earlier (probably at TLS <br>
layer), just before the "retval -28" line above. Official high-level <br>
Squid code that produced the above log lines does not detail those TLS <br>
errors. I do not know what went wrong between Squid and Apache.<br>
<br>
Going forward, I see four options:<br>
<br>
A) Examine origin logs. It is likely that Apache logs what is going <br>
wrong with that TLS session from httpd point of view.<br>
<br>
B) (Privately) examine Squid ALL,9 logs. Squid OpenSSL integration code <br>
might log something relevant to this context.<br>
<br>
C) Examine Squid-origin packet capture. If you supply TLS master keys to <br>
Wireshark or a similar tool, you may be able to see a relevant TLS alert <br>
in that TLS stream.<br>
<br>
D) Find somebody to patch Squid source code to add more debugging info <br>
if (B) did not produce enough new/usable hints.<br>
<br>
<br>
HTH,<br>
<br>
Alex.<br>
<br>
> *From: *Ben Toms <ben@macmule.com><br>
> *Date: *Saturday, 13 July 2024 at 13:04<br>
> *To: *Alex Rousskov <rousskov@measurement-factory.com><br>
> *Subject: *Re: [squid-users] TCP_MISS_ABORTED/502<br>
> <br>
> Well.. tried with cache-control headers added to the apache servers <br>
> responses.. and still no luck (header response below).<br>
> <br>
> Date: Sat, 13 Jul 2024 12:00:02 GMT<br>
> <br>
> Server: Apache<br>
> <br>
> Last-Modified: Thu, 20 Jun 2024 13:57:21 GMT<br>
> <br>
> ETag: "152c-61b52b19bbd2a"<br>
> <br>
> Accept-Ranges: bytes<br>
> <br>
> Content-Length: 5420<br>
> <br>
> Cache-Control: max-age=84600, public<br>
> <br>
> Connection: close<br>
> <br>
> I’ve tried a few other sites and the issue seems to be when attempting <br>
> to cache an item which requires authentication. Which is bizarre, as the <br>
> apache server is showing files are being downloaded.. yet squid-cache is <br>
> still erroring with TCP_MISS_ABORTED/502.<br>
> <br>
> Regards,<br>
> <br>
> Ben.<br>
> <br>
> *From: *Alex Rousskov <rousskov@measurement-factory.com><br>
> *Date: *Friday, 12 July 2024 at 22:54<br>
> *To: *Ben Toms <ben@macmule.com><br>
> *Subject: *Re: [squid-users] TCP_MISS_ABORTED/502<br>
> <br>
> On 2024-07-12 14:31, Ben Toms wrote:<br>
> <br>
>> So this squid cache is the parent (which might speak to me <br>
>> misconfiguring squid).<br>
>> <br>
>> It’s setup as an accelerator for the public server.<br>
> <br>
> Ah, I see. Sorry I forgot or misinterpreted that part. Too many balls in<br>
> the air.<br>
> <br>
> Right now, it sounds like origin sent 200 OK, but Squid could not even<br>
> parse that response header, which is rather unusual/rare. However, that<br>
> theory is based on your interpretation of ALL,2 logs, so there may be<br>
> more to the story here.<br>
> <br>
> <br>
>> When I curl the public server direct, there are no cache control headers.<br>
> <br>
> Understood. I suspect Squid will not cache such authenticated responses<br>
> by default (even after Squid starts to receive them), but I have not<br>
> checked all the relevant details.<br>
> <br>
> <br>
> Cheers,<br>
> <br>
> Alex.<br>
> <br>
> <br>
>> On Fri, 12 Jul 2024 at 19:15, Alex Rousskov wrote:<br>
>> <br>
>> On 2024-07-12 13:38, Ben Toms wrote:<br>
>> <br>
>> > Where would I find those headers?<br>
>> <br>
>> If you have access to the parent Squid proxy, they will be in its<br>
>> debugging cache.log. You can also get them by capturing network packets<br>
>> between the parent Squid and origin, but for HTTPS traffic that<br>
>> requires<br>
>> giving Wireshark the associated master keys, which may be possible with<br>
>> Squid v6, but not trivial (see tls_key_log in Squid; Apache may have<br>
>> better support for this). Finally, one can configure Apache to log them<br>
>> (sorry, I do not remember the details).<br>
>> <br>
>> Again, the child Squid does not see these headers yet (AFAICT), so they<br>
>> are not the reason things do not currently "work" in your tests.<br>
>> <br>
>> <br>
>> > Looking at the origin servers apache logs.. it’s sending a 200<br>
>> response.<br>
>> <br>
>> I am aware. We need the headers that go with that 200 OK response. For<br>
>> example, if it has Cache-Control:public, then Squid may be able to<br>
>> cache<br>
>> it despite authentication.<br>
>> <br>
>> <br>
>> HTH,<br>
>> <br>
>> Alex.<br>
>> <br>
>> <br>
>> > On Fri, 12 Jul 2024 at 18:26, Alex Rousskov wrote:<br>
>> ><br>
>> > On 2024-07-12 13:03, Ben Toms wrote:<br>
>> ><br>
>> > > So the issue seems to be caching content that requires<br>
>> authentication<br>
>> ><br>
>> > The client is getting an error response from Squid. That error is<br>
>> > probably not related to caching decisions. I do not recommend<br>
>> focusing<br>
>> > on caching at this stage of triage. I recommend addressing that<br>
>> > error first.<br>
>> ><br>
>> ><br>
>> > > The question here is, can squid cache items that require<br>
>> > authentication<br>
>> > > to access?<br>
>> ><br>
>> > Yes, in some cases. To know whether your case qualifies, I<br>
>> asked for<br>
>> > the<br>
>> > response headers. That led to the discovery that there are<br>
>> none (from<br>
>> > child Squid point of view). If you really want to investigate the<br>
>> > caching angle in parallel with solving<br>
>> ERR_READ_ERROR/WITH_SERVER, then<br>
>> > try to obtain HTTP response headers that the origin server<br>
>> responds (to<br>
>> > the parent cache) with.<br>
>> ><br>
>> ><br>
>> > HTH,<br>
>> ><br>
>> > Alex.<br>
>> ><br>
>> ><br>
>> > > *From: *Ben Toms <ben@macmule.com <mailto:ben@macmule.com <<a href="mailto:ben@macmule.com">mailto:ben@macmule.com</a>>><br>
>> <mailto:ben@macmule.com <mailto:ben@macmule.com <<a href="mailto:ben@macmule.com">mailto:ben@macmule.com</a>>>>><br>
>> > > *Date: *Friday, 12 July 2024 at 17:56<br>
>> > > *To: *Alex Rousskov <rousskov@measurement-factory.com<br>
>> <mailto:rousskov@measurement-factory.com <br>
> <<a href="mailto:rousskov@measurement-factory.com">mailto:rousskov@measurement-factory.com</a>>><br>
>> > <mailto:rousskov@measurement-factory.com<br>
>> <mailto:rousskov@measurement-factory.com <br>
> <<a href="mailto:rousskov@measurement-factory.com">mailto:rousskov@measurement-factory.com</a>>>>>,<br>
>> > > squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>><br>
>> > <mailto:squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>>><br>
>> > <squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>><br>
>> > <mailto:squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>>>><br>
>> > > *Subject: *Re: [squid-users] TCP_MISS_ABORTED/502<br>
>> > ><br>
>> > > So, with the below config:<br>
>> > ><br>
>> > > https_port 443 accel protocol=HTTPS<br>
>> > tls-cert=/usr/local/squid/client.pem<br>
>> > > tls-key=/usr/local/squid/client.key<br>
>> > ><br>
>> > > cache_peer public.server.fqdn parent 443 0 no-query<br>
>> originserver<br>
>> > > no-digest no-netdb-exchange tls login=PASSTHRU name=myAccel<br>
>> > > forceddomain=public.server.fqdn<br>
>> > ><br>
>> > > acl our_sites dstdomain local.server.fqdn<br>
>> > ><br>
>> > > http_access allow our_sites<br>
>> > ><br>
>> > > cache_peer_access myAccel allow our_sites<br>
>> > ><br>
>> > > cache_peer_access myAccel deny all<br>
>> > ><br>
>> > > cache_dir ufs /usr/local/squid/var/cache 100000 16 256<br>
>> > ><br>
>> > > cache_mem 500 MB<br>
>> > ><br>
>> > > maximum_object_size_in_memory 50000 KB<br>
>> > ><br>
>> > > refresh_pattern . 0 20% 4320<br>
>> > ><br>
>> > > debug_options 11,2<br>
>> > ><br>
>> > > I can see the below in /var/log/squid/cache.log<br>
>> > ><br>
>> > > ----------<br>
>> > ><br>
>> > > 2024/07/12 16:49:57.056 kid1| 11,2| http.cc(1263)<br>
>> readReply: conn12<br>
>> > > local=client.ip:56670 remote=public.ip.of.public.server:443<br>
>> > > FIRSTUP_PARENT FD 14 flags=1: read failure: (0) No error.<br>
>> > ><br>
>> > > 2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(273)<br>
>> > sendStartOfMessage:<br>
>> > > HTTP Client conn9 local=client.ip:443<br>
>> > remote=local.server.ip:59158 FD 13<br>
>> > > flags=1<br>
>> > ><br>
>> > > 2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(274)<br>
>> > sendStartOfMessage:<br>
>> > > HTTP Client REPLY:<br>
>> > ><br>
>> > > ---------<br>
>> > ><br>
>> > > HTTP/1.1 502 Bad Gateway<br>
>> > ><br>
>> > > Server: squid/6.6<br>
>> > ><br>
>> > > Mime-Version: 1.0<br>
>> > ><br>
>> > > Date: Fri, 12 Jul 2024 16:49:57 GMT<br>
>> > ><br>
>> > > Content-Type: text/html;charset=utf-8<br>
>> > ><br>
>> > > Content-Length: 3629<br>
>> > ><br>
>> > > X-Squid-Error: ERR_READ_ERROR 0<br>
>> > ><br>
>> > > Vary: Accept-Language<br>
>> > ><br>
>> > > Content-Language: en<br>
>> > ><br>
>> > > Cache-Status: local.server;detail=mismatch<br>
>> > ><br>
>> > > Via: 1.1 local.server (squid/6.6)<br>
>> > ><br>
>> > > Connection: keep-alive<br>
>> > ><br>
>> > > ----------<br>
>> > ><br>
>> > > The apache server still shows a 200 for the request:<br>
>> > ><br>
>> > > [12/Jul/2024:17:49:57 +0100] "GET /path/to/file HTTP/1.1" 200<br>
>> > 10465 "-"<br>
>> > > "curl/8.7.1"<br>
>> > ><br>
>> > > And this is when testing via:<br>
>> > ><br>
>> > > curl -D - <a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>
<br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>><br>
>> <https://local.server.fqdn/path/to/file <br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>>><br>
>> > <https://local.server.fqdn/path/to/file<br>
>> <https://local.server.fqdn/path/to/file <br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>>>><br>
>> > > <https://local.server.fqdn/path/to/file<br>
>> <https://local.server.fqdn/path/to/file <br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>>><br>
>> > <https://local.server.fqdn/path/to/file<br>
>> <https://local.server.fqdn/path/to/file <br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>>>>> -H "Authorization: Basic<br>
>> > > base64auth" -o /dev/null<br>
>> > ><br>
>> > > Regards,<br>
>> > ><br>
>> > > Ben.<br>
>> > ><br>
>> > > *From: *Alex Rousskov <rousskov@measurement-factory.com<br>
>> <mailto:rousskov@measurement-factory.com <br>
> <<a href="mailto:rousskov@measurement-factory.com">mailto:rousskov@measurement-factory.com</a>>><br>
>> > <mailto:rousskov@measurement-factory.com<br>
>> <mailto:rousskov@measurement-factory.com <br>
> <<a href="mailto:rousskov@measurement-factory.com">mailto:rousskov@measurement-factory.com</a>>>>><br>
>> > > *Date: *Friday, 12 July 2024 at 17:36<br>
>> > > *To: *Ben Toms <ben@macmule.com <mailto:ben@macmule.com <<a href="mailto:ben@macmule.com">mailto:ben@macmule.com</a>>><br>
>> <mailto:ben@macmule.com <mailto:ben@macmule.com <<a href="mailto:ben@macmule.com">mailto:ben@macmule.com</a>>>>>,<br>
>> > squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>><br>
>> > <mailto:squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>>><br>
>> > > <squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>><br>
>> > <mailto:squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>>>><br>
>> > > *Subject: *Re: [squid-users] TCP_MISS_ABORTED/502<br>
>> > ><br>
>> > > On 2024-07-12 12:14, Ben Toms wrote:<br>
>> > ><br>
>> > >> Which log should those be found?<br>
>> > ><br>
>> > > cache.log (if they are present)<br>
>> > ><br>
>> > ><br>
>> > >> Can’t see “HTTP Server RESPONSE” in the access.log or<br>
>> cache.log.<br>
>> > ><br>
>> > > Sigh. This is one of the reasons I avoid asking folks to<br>
>> study logs<br>
>> > > themselves, even ALL,2 logs...<br>
>> > ><br>
>> > > If that line is not in cache.log, then child Squid<br>
>> probably did not<br>
>> > > receive a response from parent Squid, or could not parse that<br>
>> > response.<br>
>> > > A full debugging log should give us more information.<br>
>> > ><br>
>> > > Alex.<br>
>> > ><br>
>> > ><br>
>> > >> *From: *squid-users<br>
>> <squid-users-bounces@lists.squid-cache.org<br>
>> <mailto:squid-users-bounces@lists.squid-cache.org <br>
> <<a href="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</a>>><br>
>> > <mailto:squid-users-bounces@lists.squid-cache.org<br>
>> <mailto:squid-users-bounces@lists.squid-cache.org <br>
> <<a href="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</a>>>>> on<br>
>> > >> behalf of Alex Rousskov <rousskov@measurement-factory.com<br>
>> <mailto:rousskov@measurement-factory.com <br>
> <<a href="mailto:rousskov@measurement-factory.com">mailto:rousskov@measurement-factory.com</a>>><br>
>> > <mailto:rousskov@measurement-factory.com<br>
>> <mailto:rousskov@measurement-factory.com <br>
> <<a href="mailto:rousskov@measurement-factory.com">mailto:rousskov@measurement-factory.com</a>>>>><br>
>> > >> *Date: *Friday, 12 July 2024 at 17:11<br>
>> > >> *To: *squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>><br>
>> > <mailto:squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>>><br>
>> > <squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>><br>
>> > <mailto:squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>>>><br>
>> > >> *Subject: *Re: [squid-users] TCP_MISS_ABORTED/502<br>
>> > >><br>
>> > >> On 2024-07-12 11:38, Ben Toms wrote:<br>
>> > >>> Think I made the changes Alex requested:<br>
>> > >>><br>
>> > >>> 12/Jul/2024:15:36:31 +0000.640 local.server.ip<br>
>> > TCP_MISS_ABORTED/502 3974<br>
>> > >>> GET <a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>
<br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>><br>
>> <https://local.server.fqdn/path/to/file <br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>>><br>
>> > <https://local.server.fqdn/path/to/file<br>
>> <https://local.server.fqdn/path/to/file <br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>>>><br>
>> > > <https://local.server.fqdn/path/to/file<br>
>> <https://local.server.fqdn/path/to/file <br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>>><br>
>> > <https://local.server.fqdn/path/to/file<br>
>> <https://local.server.fqdn/path/to/file <br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>>>>><br>
>> > >> <https://local.server.fqdn/path/to/file<br>
>> <https://local.server.fqdn/path/to/file <br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>>><br>
>> > <https://local.server.fqdn/path/to/file<br>
>> <https://local.server.fqdn/path/to/file <br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>>>><br>
>> > > <https://local.server.fqdn/path/to/file<br>
>> <https://local.server.fqdn/path/to/file <br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>>><br>
>> > <https://local.server.fqdn/path/to/file<br>
>> <https://local.server.fqdn/path/to/file <br>
> <<a href="https://local.server.fqdn/path/to/file">https://local.server.fqdn/path/to/file</a>>>>>> -<br>
>> > >>> FIRSTUP_PARENT/public.ip.of.public.server text/html<br>
>> > >>> ERR_READ_ERROR/WITH_SERVER<br>
>> > >><br>
>> > >> Thank you for using Squid v6 for this test.<br>
>> > >><br>
>> > >> Unfortunately, due to Squid logging bugs,<br>
>> ERR_READ_ERROR/WITH_SERVER<br>
>> > >> does not always mean what it says. For example, parent Squid<br>
>> > could have<br>
>> > >> closed the child-parent connection prematurely, but there<br>
>> could<br>
>> > be other<br>
>> > >> reasons. A full debugging log should give us more<br>
>> information.<br>
>> > >><br>
>> > >><br>
>> > >>> 2024/07/12 14:57:08.678 kid1| 11,2| Stream.cc(274)<br>
>> > sendStartOfMessage:<br>
>> > >>> HTTP Client REPLY:<br>
>> > >><br>
>> > >> This is a child proxy response to the client. We need parent<br>
>> > response to<br>
>> > >> the child proxy. Look for "HTTP Server RESPONSE" lines<br>
>> instead.<br>
>> > >><br>
>> > >><br>
>> > >> HTH,<br>
>> > >><br>
>> > >> Alex.<br>
>> > >><br>
>> > >><br>
>> > >><br>
>> > >>> ---------<br>
>> > >>><br>
>> > >>> HTTP/1.1 502 Bad Gateway<br>
>> > >>><br>
>> > >>> Server: squid/6.6<br>
>> > >>><br>
>> > >>> Mime-Version: 1.0<br>
>> > >>><br>
>> > >>> Date: Fri, 12 Jul 2024 14:57:08 GMT<br>
>> > >>><br>
>> > >>> Content-Type: text/html;charset=utf-8<br>
>> > >>><br>
>> > >>> Content-Length: 3629<br>
>> > >>><br>
>> > >>> X-Squid-Error: ERR_READ_ERROR 0<br>
>> > >>><br>
>> > >>> Vary: Accept-Language<br>
>> > >>><br>
>> > >>> Content-Language: en<br>
>> > >>><br>
>> > >>> Cache-Status: squid.host;detail=mismatch<br>
>> > >>><br>
>> > >>> Via: 1.1 squid.host (squid/6.6)<br>
>> > >>><br>
>> > >>> Connection: keep-alive<br>
>> > >>><br>
>> > >>> ----------<br>
>> > >>><br>
>> > >>> Regards,<br>
>> > >>><br>
>> > >>> Ben.<br>
>> > >>><br>
>> > >>> *From: *squid-users<br>
>> <squid-users-bounces@lists.squid-cache.org<br>
>> <mailto:squid-users-bounces@lists.squid-cache.org <br>
> <<a href="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</a>>><br>
>> > <mailto:squid-users-bounces@lists.squid-cache.org<br>
>> <mailto:squid-users-bounces@lists.squid-cache.org <br>
> <<a href="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</a>>>>> on<br>
>> > >>> behalf of Amos Jeffries <squid3@treenet.co.nz<br>
>> <mailto:squid3@treenet.co.nz <<a href="mailto:squid3@treenet.co.nz">mailto:squid3@treenet.co.nz</a>>><br>
>> > <mailto:squid3@treenet.co.nz <mailto:squid3@treenet.co.nz <<a href="mailto:squid3@treenet.co.nz">mailto:squid3@treenet.co.nz</a>>>>><br>
>> > >>> *Date: *Friday, 12 July 2024 at 15:22<br>
>> > >>> *To: *squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>><br>
>> > <mailto:squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>>><br>
>> > <squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>><br>
>> > <mailto:squid-users@lists.squid-cache.org<br>
>> <mailto:squid-users@lists.squid-cache.org <br>
> <<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a>>>>><br>
>> > >>> *Subject: *Re: [squid-users] TCP_MISS_ABORTED/502<br>
>> > >>><br>
>> > >>><br>
>> > >>> On 13/07/24 01:52, Alex Rousskov wrote:<br>
>> > >>>> On 2024-07-12 08:06, Ben Toms wrote:<br>
>> > >>>>> Seems that my issue is similar to -<br>
>> > >>>>><br>
>> ><br>
>> <a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">
https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a> <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>
<https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication <<a href="https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication">https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication</a>>>>>>><br>
>> > >>>><br>
>> > >>>> You are facing up to two problems:<br>
>> > >>>><br>
>> > >>>> 1. Some authenticated responses are not cachable by Squid.<br>
>> > Please share<br>
>> > >>>> HTTP headers of the response in question.<br>
>> > >>>><br>
>> > >>><br>
>> > >>> FYI, those can be obtained by configuring squid.conf with<br>
>> > >>><br>
>> > >>> debug_options 11,2<br>
>> > >>><br>
>> > >>><br>
>> > >>> Cheers<br>
>> > >>> Amos<br>
>> > >>><br>
>> > >>><br>
>> > >>>> 2. TCP_MISS_ABORTED/502 errors may delete a being-cached<br>
>> > response. These<br>
>> > >>>> can be bogus errors (essentially Squid logging bugs) or<br>
>> real<br>
>> > ones (e.g.,<br>
>> > >>>> due to communication bugs, misconfiguration, or<br>
>> compatibility<br>
>> > problems).<br>
>> > >>>> I recommend adding %err_code/%err_detail to your<br>
>> logformat and<br>
>> > sharing<br>
>> > >>>> the corresponding access.log lines (obfuscated as needed).<br>
>> > >>>><br>
>> > >>>> Sharing (privately if needed) a pointer to compressed ALL,9<br>
>> > cache.log<br>
>> > >>>> while reproducing the issue using a single transaction may<br>
>> > help us<br>
>> > >>>> resolve all the unknowns:<br>
>> > >>>><br>
>> > >>>><br>
>> ><br>
>> <a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction">
https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a><br>
<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org<br>
<a href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</body>
</html>