[squid-users] Squid 5.2 TCP_MISS_ABORTED/100 erros when uploading

ngtech1ltd at gmail.com ngtech1ltd at gmail.com
Mon Aug 29 21:54:43 UTC 2022


Hey David,

This should do the trick for you:
https://www.ngtech.co.il/repo/alma/8/x86_64/

@Amos, 5.6 is not ready for OpenSSL 3 and there for cannot be compiled on RHEL 9 and similar.

Eliezer

* A rocky version should be available later on at: https://www.ngtech.co.il/repo/rocky/8/x86_64/

----
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: mailto:ngtech1ltd at gmail.com
Web: https://ngtech.co.il/
My-Tube: https://tube.ngtech.co.il/

From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of David Ferreira
Sent: Monday, 29 August 2022 16:31
To: Amos Jeffries <squid3 at treenet.co.nz>
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid 5.2 TCP_MISS_ABORTED/100 erros when uploading

Hi Amos,

Thank you for the reply,

here's my squid.conf, by default our client's(localnet) do not have internet access and only match windows services acl's unless they are in authorizednet.conf, in this case that's the only match acl for the clients using this application, i also removed some of the includes i have, it's mostly random src to random dstdomain, the clients in question do not match this acl's at all.

---
squid 4.15 squid.conf:
---

logformat timereadable %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
access_log daemon:/var/log/squid/access.log timereadable

acl localnet src http://10.0.0.0/8     # RFC1918 possible internal network
acl localnet src http://172.16.0.0/12  # RFC1918 possible internal network
acl localnet src http://192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

include /etc/squid/acls/authorizednet.conf

acl SSL_ports port 443
acl SSL_ports port 8080
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl FTP_ports port 21 1025-65535
acl CONNECT method CONNECT

###BlockLists
include /etc/squid/acls/blocklists-remotes.conf
###Microsoft ATP
include /etc/squid/acls/atp.conf
###Windows Activation
include /etc/squid/acls/wactivate.conf
###No Windows Update
include /etc/squid/acls/nowupdate.conf
###Windows Update
include /etc/squid/acls/wupdate.conf

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager

http_access allow authorizednet
http_access allow localhost

http_access deny all

http_port 3128

cache_dir ufs /var/spool/squid 50000 16 256

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
max_filedesc 65535

maximum_object_size 10000 MB
range_offset_limit 10000 MB windowsupdate
quick_abort_min -1

refresh_pattern -i http://microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i http://windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i http://windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims

---
And here's squid 5.2 squid.conf, it's pretty much the same:
---

logformat timereadable %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
access_log daemon:/var/log/squid/access.log timereadable 
debug_options ALL,1 33,2 28,9

acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl localnet src http://10.0.0.0/8             # RFC 1918 local private network (LAN)
acl localnet src http://100.64.0.0/10          # RFC 6598 shared address space (CGN)
acl localnet src http://169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
acl localnet src http://172.16.0.0/12          # RFC 1918 local private network (LAN)
acl localnet src http://192.168.0.0/16         # RFC 1918 local private network (LAN)
acl localnet src fc00::/7               # RFC 4193 local private network range
acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines

include /etc/squid/acls/authorizednet.conf

acl SSL_ports port 443
acl SSL_ports port 8080
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl FTP_ports port 21 1025-65535

###BlockLists
include /etc/squid/acls/blocklists-remotes.conf
###Microsoft ATP
include /etc/squid/acls/atp.conf
###Windows Activation
include /etc/squid/acls/wactivate.conf
###No Windows Update
include /etc/squid/acls/nowupdate.conf
###Windows Update
include /etc/squid/acls/wupdate.conf

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager

http_access allow authorizednet 
http_access allow localhost

http_access deny all

http_port 3128 

cache_dir ufs /var/spool/squid 50000 16 256

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

maximum_object_size 10000 MB
range_offset_limit 10000 MB windowsupdate
quick_abort_min -1

refresh_pattern -i http://microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i http://windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i http://windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims


As for squid rocky linux packages information, here is the links:
Rocky 8 : https://almalinux.pkgs.org/8/almalinux-appstream-x86_64/squid-4.15-3.module_el8.6.0+3010+383bc947.1.x86_64.rpm.html
Rocky 9 : https://almalinux.pkgs.org/9/almalinux-appstream-x86_64/squid-5.2-1.el9_0.1.x86_64.rpm.html

Thank you!


On Mon, 29 Aug 2022 at 13:36, Amos Jeffries <mailto:squid3 at treenet.co.nz> wrote:
On 29/08/22 22:17, David Ferreira wrote:
> hi,
> 
> First time using mailing lists, sorry about anything.
> 

Welcome, and thanks for using Squid.

Do not worry about mistakes. Helping with that type of thing is what 
this list is here for whether expert or beginner.



> 
> Squid 4.15:
> 26/Aug/2022:15:36:08 +0100    273 172.19.222.132TCP_MISS/200 745 POST 
> http://websiteurl/index.php <http://websiteurl/index.php> - 
> HIER_DIRECT/websitedomain text/xml
> 
> Squid 5.2:
> 25/Aug/2022:15:10:00 +0100    139 172.19.222.132 TCP_MISS_ABORTED/100 0 
> POST http://websiteurl <http://websiteurl>/index.php - 
> HIER_DIRECT/websitedomain -
> 
> anyone has an ideia of what may be happening here?, been searching about 
> http errors 100 and so far i did not find anything that points me to the 
> problem.
> 
> On the application side the error it shows when it tries to upload is:
> "
> Error storing the document on the server
> Detail HTTP error 100
> Send failure: Connection was aborted (55)
> "
> 

This is very odd.

  * The "ABORTED" tag hints strongly that the client closed the 
connection here.


  * Status code "100 Continue" is a normal part of HTTP/1.1.

There is something wrong with the client application to be reporting 
that as an error code at all. Likely that bug is what triggered the abort.

  * The difference in result between Squid v4 and v5 is also extremely 
odd. I do not think handling of status 100 had any significant changes 
since the Squid-3 days.


Can you show us your config for both versions?
  Omit lines that are commented out to reduce the sizes.
  Take care to obscure private details while keeping it clear that 
detail A and B are different (eg don't use same symbol X for replacing 
both).


Also FME, where can I/we find details of the Rocky Squid packages?


Cheers
Amos
_______________________________________________
squid-users mailing list
mailto:squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users



-- 
Com os melhores cumprimentos,
David Ferreira



More information about the squid-users mailing list