[squid-users] TCP_DENIED and TCP_MISS_ABORTED
Amos Jeffries
squid3 at treenet.co.nz
Thu Feb 26 04:26:06 UTC 2015
On 26/02/2015 8:44 a.m., Mike wrote:
> We have recently been seeing this error on squid where one site that our
> users need access to is not loading at all.
>
> 1424889858.688 0 127.0.0.1 TCP_DENIED/407 3968 GET
> http://www.afa.net/ - HIER_NONE/- text/html
> 1424889878.725 20014 127.0.0.1 TCP_MISS_ABORTED/000 0 GET
> http://www.afa.net/ testuser1 HIER_DIRECT/66.210.221.116
>
> [root at xeserver squid]# squid -v
> Squid Cache: Version 3.4.7
>
> Attempted to add an acl:
> acl allowafa dstdomain .afa.net .afastore.net
> http_access allow allowafa
>
> but this did not fix it.
>
> I understand the /407 as it related to http access means proxy
> authentication required, which is what every customer does when the
> browser is opened up, so authentication is already done
That does not follow from the 407. In fact it means exactly the opposite
- authentication *not* done.
The existence of "testuser1" information is what tells that
authentication is done.
> and active in
> the server, otherwise other websites would not be loading either.
>
> All other sites we need access to work fine, it is just something about
> this one... Any suggestions?
ABORTED means the client disconnected. As they are able to do at any
time. This particular transaction tool 20 seconds and transferred 0
bytes to the client. No surprise they give up and disconnect.
The usual culprits are:
* broken Path-MTU discovery
* broken ECMP support
* Expect:100-continue
* broken TCP ECN support
* TCP window scaling
The 100-continue problem could be from the client, but the rest for your
case will be happening between Squid and server somewhere (if at all).
Amos
More information about the squid-users
mailing list