[squid-users] TCP_TUNNEL/500 internal server error bandwidth impact
Marko Cupać
marko.cupac at mimar.rs
Wed Sep 27 13:30:20 UTC 2023
Hi,
I have successfully been running AD-authenticated, ssl-bumped (for a
few sites of our own, the rest is spliced) squid proxy server for more
than a decade, where for such success I am greatly thankful to all the
people who develop squid and who helped me on this list numerous times.
Lately I am experiencing bandwidth saturation of links I care for, and
- of course - a big chunk of it is taken by web traffic that passes
through squid proxy. I fired up calamaris to see what is going on,
and I found out that - if the report is correct - more than a third of
the daily data consumed by squid on behalf of its clients goes for
"500 (Internal Server Error)":
# TCP Response code distribution
status-code                                      request      %     Byte      %
---------------------------------------------- --------- ------ -------- ------
000 (Used mostly with UDP traffic)                168404   3.86       0M   0.00
200 (OK)                                         2083756  47.82   78277M  54.66
204 (No Content)                                      57   0.00       0M   0.00
206 (Partial Content)                              22234   0.51    7373M   5.15
301 (Moved Permanently)                              467   0.01       0M   0.00
302 (Moved Temporarily)                              442   0.01       0M   0.00
303 (See Other)                                        1   0.00       0M   0.00
304 (Not Modified)                                 16639   0.38       7M   0.00
308 (Resume Incomplete)                                1   0.00       0M   0.00
400 (Bad Request)                                     12   0.00       0M   0.00
403 (Forbidden)                                   139524   3.20     782M   0.55
404 (Not Found)                                      588   0.01       1M   0.00
407 (Proxy Authentication Required)              1593023  36.56    6275M   4.38
500 (Internal Server Error)                       321292   7.37   50439M  35.22
502 (Bad Gateway)                                   6269   0.14      44M   0.03
503 (Service Unavailable)                           4850   0.11       0M   0.00
---------------------------------------------- --------- ------ -------- ------
Sum                                              4357559 100.00  143198M 100.00
I came to the conclusion that this comes from lines with TCP_TUNNEL/500 in
access.log, similar to:
1695680000.912 69973 10.X.X.X TCP_TUNNEL/500 8503669 CONNECT ipv4-c002-beg001-oriontelekom-isp.1.oca.nflxvideo.net:443 some.gal HIER_DIRECT/93.93.192.146 -
1695679277.395 876830 10.X.X.X TCP_TUNNEL/500 105991027 CONNECT rostov1.nebula.to:443 some.guy HIER_DIRECT/37.48.76.251 -
1695710735.004 271 10.X.X.X TCP_TUNNEL/500 10076 CONNECT nav.smartscreen.microsoft.com:443 some.guy HIER_DIRECT/51.104.176.40 -
1695710735.117 35652 10.X.X.X TCP_TUNNEL/500 6696 CONNECT g.live.com:443 some.gal HIER_DIRECT/68.219.88.225 -
1695710735.228 126910 10.X.X.X TCP_TUNNEL/500 6831 CONNECT enterprise-eudb.activity.windows.com:443 some.otherguy HIER_DIRECT/40.118.94.234 -
1695710735.343 218 10.X.X.X TCP_TUNNEL/500 7854 CONNECT smartscreen.microsoft.com:443 some.othergal HIER_DIRECT/51.104.176.40 -
1695710735.668 125756 10.X.X.X TCP_TUNNEL/500 997 CONNECT teams.microsoft.com:443 - HIER_DIRECT/52.123.129.14 -
Are these really remote server errors? If so, why do they consume so
much traffic? Is there anything I can do to prevent it, like resetting
those sessions early and avoiding downloading all that data?
Thank you in advance.
--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.
Marko Cupać
https://www.mimar.rs/
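
Added example, not part of the original post: a Python script that cross-checks the calamaris byte totals directly against access.log by summing bytes per result code and per CONNECT target. It assumes Squid's default native log format (ten whitespace-separated fields); the function names are hypothetical and the sample input is the set of lines quoted in the post.

```python
from collections import Counter

# The access.log lines quoted in the post (Squid native log format).
SAMPLE_LOG = """\
1695680000.912 69973 10.X.X.X TCP_TUNNEL/500 8503669 CONNECT ipv4-c002-beg001-oriontelekom-isp.1.oca.nflxvideo.net:443 some.gal HIER_DIRECT/93.93.192.146 -
1695679277.395 876830 10.X.X.X TCP_TUNNEL/500 105991027 CONNECT rostov1.nebula.to:443 some.guy HIER_DIRECT/37.48.76.251 -
1695710735.004 271 10.X.X.X TCP_TUNNEL/500 10076 CONNECT nav.smartscreen.microsoft.com:443 some.guy HIER_DIRECT/51.104.176.40 -
1695710735.117 35652 10.X.X.X TCP_TUNNEL/500 6696 CONNECT g.live.com:443 some.gal HIER_DIRECT/68.219.88.225 -
1695710735.228 126910 10.X.X.X TCP_TUNNEL/500 6831 CONNECT enterprise-eudb.activity.windows.com:443 some.otherguy HIER_DIRECT/40.118.94.234 -
1695710735.343 218 10.X.X.X TCP_TUNNEL/500 7854 CONNECT smartscreen.microsoft.com:443 some.othergal HIER_DIRECT/51.104.176.40 -
1695710735.668 125756 10.X.X.X TCP_TUNNEL/500 997 CONNECT teams.microsoft.com:443 - HIER_DIRECT/52.123.129.14 -
"""

def parse_line(line):
    """Return (result_code, http_status, bytes, target) or None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    # Field 4 is "RESULT/status", field 5 is bytes sent to the client.
    result, sep, status = fields[3].partition("/")
    if not sep or not fields[4].isdigit():
        return None
    return result, status, int(fields[4]), fields[6]

def summarize(lines, result="TCP_TUNNEL", status="500"):
    """Total bytes per 'RESULT/status', plus bytes per target for one pair."""
    by_code, by_target = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip blank or truncated lines
        res, st, size, target = rec
        by_code[f"{res}/{st}"] += size
        if (res, st) == (result, status):
            by_target[target] += size
    return by_code, by_target

if __name__ == "__main__":
    # Replace SAMPLE_LOG.splitlines() with open("access.log") for a real log.
    by_code, by_target = summarize(SAMPLE_LOG.splitlines())
    for code, size in by_code.most_common():
        print(f"{code:20} {size:>14,} bytes")
    for target, size in by_target.most_common(3):
        print(f"  {target:70} {size:>14,} bytes")
```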