[squid-users] TCP_MISS_ABORTED/502

Fri Jul 12 13:52:29 UTC 2024

On 2024-07-12 08:06, Ben Toms wrote:
> Seems that my issue is similar to - 
> https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication 

You are facing up to two problems:

1. Some authenticated responses are not cachable by Squid. Please share 
HTTP headers of the response in question.

2. TCP_MISS_ABORTED/502 errors may delete a being-cached response. These 
can be bogus errors (essentially Squid logging bugs) or real ones (e.g., 
due to communication bugs, misconfiguration, or compatibility problems). 
I recommend adding %err_code/%err_detail to your logformat and sharing 
the corresponding access.log lines (obfuscated as needed).

Sharing (privately if needed) a pointer to compressed ALL,9 cache.log 
while reproducing the issue using a single transaction may help us 
resolve all the unknowns:

https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction

HTH,

Alex.

> *From: *Ben Toms <ben at macmule.com>
> *Date: *Friday, 12 July 2024 at 12:07
> *To: *squid-users at lists.squid-cache.org <squid-users at lists.squid-cache.org>
> *Subject: *Re: TCP_MISS_ABORTED/502
> 
> To test, I changed the parent url to my blog.. and was able to download 
> an item there via squid-cache.. so the issue seems to be when 
> downloading from a parent which requires authentication.
> 
> Regards,
> 
> Ben.
> 
> *From: *Ben Toms <ben at macmule.com>
> *Date: *Friday, 12 July 2024 at 10:29
> *To: *squid-users at lists.squid-cache.org <squid-users at lists.squid-cache.org>
> *Subject: *TCP_MISS_ABORTED/502
> 
> Hi Amos,
> 
> I made the changes suggested, biut still getting TCP_MISS_ABORTED/502.
> 
> The test I’m performing is via a simple curl:
> 
> curl https://local.server.fqdn/some/file/path 
> <https://local.server.fqdn/some/file/path> -H "Authorization: Basic 
> base64_auth" -o ~/Downloads/test
> 
> The Apache logs for the parent (public.server.fqdn), show:
> 
> [12/Jul/2024:10:16:09 +0100] "GET /some/file/path HTTP/1.1" 200 10465 
> "-" "curl/8.7.1"
> 
> So, Apache on the parent is responding with a 200.. and if I mess around 
> with the curl commands base64_auth I get 401’s as expected in the 
> parents Apache logs.
> 
> However, squids access.log still shows:
> 
> 1720775769.417     49 192.168.0.156 TCP_MISS_ABORTED/502 3974 GET 
> https://local.server.fqdn/some/file/path 
> <https://local.server.fqdn/some/file/path> - 
> FIRSTUP_PARENT/public.ip.of.public.server text/html
> 
> Squid.conf is now:
> 
> https_port 443 accel protocol=HTTPS tls-cert=/usr/local/squid/client.pem 
> tls-key=/usr/local/squid/client.key
> 
> cache_peer public.server.fqdn parent 443 0 no-query originserver 
> no-digest no-netdb-exchange tls login=PASSTHRU name=myAccel 
> forceddomain=uk-dist-a.datajar.mobi
> 
> acl our_sites dstdomain local.server.fqdn
> 
> http_access allow our_sites
> 
> cache_peer_access myAccel allow our_sites
> 
> cache_peer_access myAccel deny all
> 
> refresh_pattern -i public.server.fqdn/* 3600    80%     14400
> 
> cache_dir ufs /usr/local/squid/var/cache 100000 16 256
> 
> The file I’m attempting to cache with the above curl command is 6.5kb 
> only.. have tried others to no avail.
> 
> It seems like squid doesn’t want to cache, and it’s not advising the 
> client to wait as it caches.
> 
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users