Re: [squid-users] TCP_MISS/503 0 CONNECT errors
On 2/07/2012 8:28 p.m., Bruno Santos wrote: Hi Amos, thank you for the reply. I don't have IPV6 on my network and i've disabled CentOS IPv6 : cat /etc/sysconfig/network: NETWORKING_IPV6=no I'm using CentOS 5.8 and the last squid i can find using yum is this one i'm using: squid-3.1.0.16-7 - although yum (when trying to upgrade) says i've installed squid-2.6.STABLE21-6.el6. That is probably the problem then. 3.1 initial IPv6 support did NOT do failure very well at all. I'm going to further study and try to solve this issues with yum and squid. In my DNS (bind-9.3.6) i've disabled IPv6 name resolution... (i was getting a lot of errors in /var/log/messages). Can this have something to do? Should i enable IPv6 in bind ? This would cause slowness, ppossibly NXDOMAIN for IPv6-enabled domains. But you need to see the error page to know whether it even is DNS or TCP issues. Amos
Re: [squid-users] TCP_MISS/503 0 CONNECT errors
Hi Amos, thank you for the reply. I don't have IPV6 on my network and i've disabled CentOS IPv6 : cat /etc/sysconfig/network: NETWORKING_IPV6=no I'm using CentOS 5.8 and the last squid i can find using yum is this one i'm using: squid-3.1.0.16-7 - although yum (when trying to upgrade) says i've installed squid-2.6.STABLE21-6.el6. I'm going to further study and try to solve this issues with yum and squid. In my DNS (bind-9.3.6) i've disabled IPv6 name resolution... (i was getting a lot of errors in /var/log/messages). Can this have something to do? Should i enable IPv6 in bind ? Thank you Cheers, Bruno Santos - Original Message - From: "Amos Jeffries" To: squid-users@squid-cache.org Sent: Saturday, 30 June, 2012 9:17:45 AM Subject: Re: [squid-users] TCP_MISS/503 0 CONNECT errors On 30/06/2012 1:30 a.m., Bruno Santos wrote: > Hi all. > > > I've search in the internet and i've done some experiences with some > solutions i found on the internet, but still no luck. First hint: you are still using a *beta* release of Squid-3.1. That series has been in stable releases for over 2 years. NP: I advise using no release older than 3.1.15. There are major security vulnerabilities in all older releases. Second hint: that 503 status generated by Squid means no destination could be contacted. ie the TCP connection setup failed. "Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error." is Chrome "user-friendly" display the 503 failure status. Guesses: DNS resolution of and A records failed (no destination able to be found). TCP connection to some found IPv6 address(es) failed TCP connection to some found IPv4 address(es) failed NP: the problem is very likely to be your IPv6 connectivity or some IPv6 issue in that 3.1 beta release. Google services are mostly IPv6-enabled and using HTTPS (via CONNECT) since earlier this month. Squid-3.1 will try very hard to connect using IPv6 whenever possible. Amos -- Use Open Source Software Human knowledge belongs to the world Bruno Santos bvsan...@ulscb.min-saude.pt http://www.twitter.com/feiticeir0 Tel: +351 962 753 053 Divisão de Informática informat...@ulscb.min-saude.pt Tel: +351 272 000 155 Fax: +351 272 000 257 Unidade Local de Saúde de Castelo Branco, E.P.E. ge...@ulscb.min-saude.pt Tel: +351 272 000 272 Fax: +351 272 000 257 Linux registered user #349448 LPIC-1 Certification
Re: [squid-users] TCP_MISS/503 0 CONNECT errors
On 30/06/2012 1:30 a.m., Bruno Santos wrote: Hi all. I've search in the internet and i've done some experiences with some solutions i found on the internet, but still no luck. First hint: you are still using a *beta* release of Squid-3.1. That series has been in stable releases for over 2 years. NP: I advise using no release older than 3.1.15. There are major security vulnerabilities in all older releases. Second hint: that 503 status generated by Squid means no destination could be contacted. ie the TCP connection setup failed. "Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error." is Chrome "user-friendly" display the 503 failure status. Guesses: DNS resolution of and A records failed (no destination able to be found). TCP connection to some found IPv6 address(es) failed TCP connection to some found IPv4 address(es) failed NP: the problem is very likely to be your IPv6 connectivity or some IPv6 issue in that 3.1 beta release. Google services are mostly IPv6-enabled and using HTTPS (via CONNECT) since earlier this month. Squid-3.1 will try very hard to connect using IPv6 whenever possible. Amos
[squid-users] TCP_MISS/503 0 CONNECT errors
Hi all. I've search in the internet and i've done some experiences with some solutions i found on the internet, but still no luck. In some https sites i'm getting TCP_MISS/503 0 CONNECT and the page is not displayed. It has to be something to do with squid, because if i don't use a proxy server (my machine is allowed to connect directly to the internet - so is the proxy server) i don't get any errors and the sites are displayed correctly. the funny thing is, if i refresh the page, most of the times, it works.. But never the first time... Sometimes i get this error in the browser (chromium): Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error. In squid access.log, this is the error: 1340974582.878 4 192.168.98.3 TCP_MISS/503 0 CONNECT plus.google.com:443 - DIRECT/- - 1340974586.898 2 192.168.98.3 TCP_MISS/503 0 CONNECT ssl.gstatic.com:443 - DIRECT/- - 1340974586.898 2 192.168.98.3 TCP_MISS/503 0 CONNECT lh6.googleusercontent.com:443 - DIRECT/- - 1340974587.579 3 192.168.98.3 TCP_MISS/503 0 CONNECT images3-focus-opensocial.googleusercontent.com:443 - DIRECT/- - 1340974587.596 17 192.168.98.3 TCP_MISS/503 0 CONNECT lh3.googleusercontent.com:443 - DIRECT/- - 1340974587.596 17 192.168.98.3 TCP_MISS/503 0 CONNECT s2.googleusercontent.com:443 - DIRECT/- - 1340974587.598 5 192.168.98.3 TCP_MISS/503 0 CONNECT images1-focus-opensocial.googleusercontent.com:443 - DIRECT/- - 1340974587.598 20 192.168.98.3 TCP_MISS/503 0 CONNECT images1-focus-opensocial.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- - 1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- - 1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- - 1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- - 1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh4.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- - 1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT lh5.googleusercontent.com:443 - DIRECT/- - 1340974587.603 6 192.168.98.3 TCP_MISS/503 0 CONNECT images2-focus-opensocial.googleusercontent.com:443 - DIRECT/- - 1340974587.603 9 192.168.98.3 TCP_MISS/503 0 CONNECT images2-focus-opensocial.googleusercontent.com:443 - DIRECT/- - 1340974588.573 10 192.168.98.3 TCP_MISS/503 0 CONNECT apis.google.com:443 - DIRECT/- - 1340974588.644 81 192.168.98.3 TCP_MISS/503 0 CONNECT talkgadget.google.com:443 - DIRECT/- - 1340974588.644 84 192.168.98.3 TCP_MISS/503 0 CONNECT talkgadget.google.com:443 - DIRECT/- - (after refresh the page) 1340974588.698522 192.168.99.16 TCP_MISS/200 18114 CONNECT plus.google.com:443 - DIRECT/173.194.34.230 - I'm using Squid with dansguardian for content filtering. The clients connect to 8080 port (dansguardian) . Squid and dansguardian connect with port 3128. Here is my squid configuration: --- http_port 127.0.0.1:3128 auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "ou=people,dc=domain,dc==com" -f "uid=%s" -H ldaps://ldapserver.domain.com:636 -v 3 auth_param basic children 5 auth_param basic realm Please type your credentials! auth_param basic credentialsttl 1 minute acl ldapAuth proxy_auth REQUIRED acl manager proto cache_object acl webserver src 127.0.0.1/32 acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl HalNetworks src 172.20.0.0/16 192.168.20.0/24 192.168.30.0/24 192.168.240.0/24 192.168.250.0/24 acl Nonet src "/etc/squid/HalNonet.squid" acl HalDeny dstdom_regex "/etc/squid/HalDeny.squid" acl SSL_ports port 443 acl SSL_ports port 631 # Cups acl SSL_ports port 873 # Rsync acl SSL_ports port 1494 # citrix acl SSL_ports port 2598 # citrix acl SSL_ports port 4433 # DGS acl Safe_ports port 80 # http acl Safe_ports port 81 # http acl Safe_ports port 82 # escolas acl Safe_ports port 8081# http acl Safe_ports port 8181# Coaguladores acl Safe_ports port 873 # rsync acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https #acl Safe_ports port 70 # gopher #acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 1494# citrix acl Safe_po
Re: [squid-users] TCP_MISS/503 0 CONNECT
On 7/06/2012 9:48 p.m., Maqsood Ahmad wrote: Dear Ralf, Yes i am getting the same error , but i am running squid 3.1 on freebsd 8. no IPV6 enable. IPv6 is irrelevant. At its core this is a TCP handshake issue. They happen in IPv4 as well under the same PMTU, ECN, and Window Scaling conditions. The important part is the bits you left off the report so far ... where Squid is being asked to connect to and what host/IP it is opening a TCP connection to. Amos
RE: [squid-users] TCP_MISS/503 0 CONNECT
Dear Ralf, Yes i am getting the same error , but i am running squid 3.1 on freebsd 8. no IPV6 enable. Maqsood Ahmad > Date: Thu, 7 Jun 2012 10:10:17 +0200 > From: ralf.hildebra...@charite.de > To: squid-users@squid-cache.org > Subject: Re: [squid-users] TCP_MISS/503 0 CONNECT > > * Maqsood Ahmad : > > > > Dear All, > > > > > > I am continuously getting this error " TCP_MISS/503 0 CONNECT " in my squid > > proxy. > > I did not find any good help through google. > > Like this? > http://squid-web-proxy-cache.1019090.n4.nabble.com/Strange-503-on-https-sites-td3627150.html > > -- > Ralf Hildebrandt Charite Universitätsmedizin Berlin > ralf.hildebra...@charite.deCampus Benjamin Franklin > http://www.charite.de Hindenburgdamm 30, 12203 Berlin > Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
Re: [squid-users] TCP_MISS/503 0 CONNECT
* Maqsood Ahmad : > > Dear All, > > > I am continuously getting this error " TCP_MISS/503 0 CONNECT " in my squid > proxy. > I did not find any good help through google. Like this? http://squid-web-proxy-cache.1019090.n4.nabble.com/Strange-503-on-https-sites-td3627150.html -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
[squid-users] TCP_MISS/503 0 CONNECT
Dear All, I am continuously getting this error " TCP_MISS/503 0 CONNECT " in my squid proxy. I did not find any good help through google. Please help Maqsood Ahmad
Re: [squid-users] TCP_MISS/503
Thanks guys, Was able to resolve it but it was the firewall that was mis-behaving. @Amos..the error message ends with the version of squid and the admin email address On Wed, Sep 9, 2009 at 3:27 PM, Amos Jeffries wrote: > Kevin Kimani wrote: >> >> am also wondering why its not resolving. Am blank with no ideas not >> sure what to do next >> >> On Wed, Sep 9, 2009 at 12:49 PM, Henrik >> Nordstrom wrote: >>> >>> Hmm.. that does not match your access.log entry where it obviously could >>> find the IP.. >>> > > Looks to me like your Squid resolved the domain to IP 63.246.8.100 and > passed the request on. But got a 503 message back from that machine. > > Does the error page finish with the hostname and version of your Squid or > some other? > > > Lesson to anyone wanting to remove the squid signature from their error > pages: THIS is why it is there!!! > > Amos > >>> >>> ons 2009-09-09 klockan 12:09 +0300 skrev Kevin Kimani: am using ubuntu. The browser displays "The following error was encounterd Unable to determine IP address from hostname for www.aphrc.org the dns" On Wed, Sep 9, 2009 at 11:58 AM, Henrik Nordstrom wrote: > > ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani: > >> This is the error message am getting from access.log. >> 1252483940.606 2 10.176.203.55 TCP_MISS/503 1660 GET >> http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html > > What error do you get in the browser (disable "show friendly error > message" is using MSIE) > > Regards > Henrik > > >>> > > > -- > Please be using > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 > Current Beta Squid 3.1.0.13 >
Re: [squid-users] TCP_MISS/503
Kevin Kimani wrote: am also wondering why its not resolving. Am blank with no ideas not sure what to do next On Wed, Sep 9, 2009 at 12:49 PM, Henrik Nordstrom wrote: Hmm.. that does not match your access.log entry where it obviously could find the IP.. Looks to me like your Squid resolved the domain to IP 63.246.8.100 and passed the request on. But got a 503 message back from that machine. Does the error page finish with the hostname and version of your Squid or some other? Lesson to anyone wanting to remove the squid signature from their error pages: THIS is why it is there!!! Amos ons 2009-09-09 klockan 12:09 +0300 skrev Kevin Kimani: am using ubuntu. The browser displays "The following error was encounterd Unable to determine IP address from hostname for www.aphrc.org the dns" On Wed, Sep 9, 2009 at 11:58 AM, Henrik Nordstrom wrote: ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani: This is the error message am getting from access.log. 1252483940.606 2 10.176.203.55 TCP_MISS/503 1660 GET http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html What error do you get in the browser (disable "show friendly error message" is using MSIE) Regards Henrik -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13
Re: [squid-users] TCP_MISS/503
am also wondering why its not resolving. Am blank with no ideas not sure what to do next On Wed, Sep 9, 2009 at 12:49 PM, Henrik Nordstrom wrote: > Hmm.. that does not match your access.log entry where it obviously could > find the IP.. > > > ons 2009-09-09 klockan 12:09 +0300 skrev Kevin Kimani: >> am using ubuntu. >> >> The browser displays "The following error was encounterd >> Unable to determine IP address from hostname for www.aphrc.org >> the dns" >> >> On Wed, Sep 9, 2009 at 11:58 AM, Henrik >> Nordstrom wrote: >> > ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani: >> > >> >> This is the error message am getting from access.log. >> >> 1252483940.606 2 10.176.203.55 TCP_MISS/503 1660 GET >> >> http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html >> > >> > What error do you get in the browser (disable "show friendly error >> > message" is using MSIE) >> > >> > Regards >> > Henrik >> > >> > > >
Re: [squid-users] TCP_MISS/503
Hmm.. that does not match your access.log entry where it obviously could find the IP.. ons 2009-09-09 klockan 12:09 +0300 skrev Kevin Kimani: > am using ubuntu. > > The browser displays "The following error was encounterd > Unable to determine IP address from hostname for www.aphrc.org > the dns" > > On Wed, Sep 9, 2009 at 11:58 AM, Henrik > Nordstrom wrote: > > ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani: > > > >> This is the error message am getting from access.log. > >> 1252483940.606 2 10.176.203.55 TCP_MISS/503 1660 GET > >> http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html > > > > What error do you get in the browser (disable "show friendly error > > message" is using MSIE) > > > > Regards > > Henrik > > > >
Re: [squid-users] TCP_MISS/503
am using ubuntu. The browser displays "The following error was encounterd Unable to determine IP address from hostname for www.aphrc.org the dnsserver returned : DNS Domain 'www.aphrc.org' is invalid. Host not found (authoritative) This means that The cache was unable to resolve the the hostname presentedin the URL" On Wed, Sep 9, 2009 at 12:09 PM, Kevin Kimani wrote: > am using ubuntu. > > The browser displays "The following error was encounterd > Unable to determine IP address from hostname for www.aphrc.org > the dns" > > On Wed, Sep 9, 2009 at 11:58 AM, Henrik > Nordstrom wrote: >> ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani: >> >>> This is the error message am getting from access.log. >>> 1252483940.606 2 10.176.203.55 TCP_MISS/503 1660 GET >>> http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html >> >> What error do you get in the browser (disable "show friendly error >> message" is using MSIE) >> >> Regards >> Henrik >> >> >
Re: [squid-users] TCP_MISS/503
am using ubuntu. The browser displays "The following error was encounterd Unable to determine IP address from hostname for www.aphrc.org the dns" On Wed, Sep 9, 2009 at 11:58 AM, Henrik Nordstrom wrote: > ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani: > >> This is the error message am getting from access.log. >> 1252483940.606 2 10.176.203.55 TCP_MISS/503 1660 GET >> http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html > > What error do you get in the browser (disable "show friendly error > message" is using MSIE) > > Regards > Henrik > >
Re: [squid-users] TCP_MISS/503
ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani: > This is the error message am getting from access.log. > 1252483940.606 2 10.176.203.55 TCP_MISS/503 1660 GET > http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html What error do you get in the browser (disable "show friendly error message" is using MSIE) Regards Henrik
[squid-users] TCP_MISS/503
Hi all, Am running squid 2.6 in CentOS which is behind a firewall. Am able to access other websites using the proxy apart from aphrc.org. Its been recuring since yesterday in the afternoon and all was working well in the morning. This is the error message am getting from access.log. 1252483940.606 2 10.176.203.55 TCP_MISS/503 1660 GET http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html I have entered the DNS nameservers in the squid file. All the help will highly be appreciated
Re: [squid-users] TCP_MISS/503 and icp
Amos Jeffries wrote: Hi, I have some hosts that use one squid-1 server that has a squid-2 parent: I mean squid-1 has: cache_peer parent.domain parent 80803130 But some sites are unaccessible, in special those sites with url having an "?" for example: 1242674301.146104 10.128.255.189 TCP_MISS/503 1415 GET http://ar.yahoo.com/? - DIRECT/209.191.93.55 text/html You will get a better trace of these without stripping the query string. http://www.squid-cache.org/Doc/config/strip_query_terms/ and browser shows: Error The requested URL could not be retrieved While trying to retrieve the URL http://ar.yahoo.com/? The following error was encountered: *Connection to 209.191.93.55 The system returned: (111) Connectio0n refused Also, On the squid-1 iptables are doing REDIRECT. Please could you tell me what's wrong? By default dynamic pages cannot be trusted through peers. Squid up until very recently added no-cache to peer requests (IIRC), which screws up the bandwidth savings. So while its safe enough to turn on caching of dynamic pages it's still a sticky issue if they pass through peers. http://www.squid-cache.org/Doc/config/hierarchy_stoplist/ Also see http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#head-f7c4c667d4154ec5a9619044ef7d8ab94dfda39b Your trace shows Squid-1 is not using the squid-2 as a source, its just trying to go there DIRECTly. And the source is actively doing a TCP level reset/denial. Amos Chris
Re: [squid-users] TCP_MISS/503 and icp
> Hi, > > I have some hosts that use one squid-1 server that has a squid-2 parent: > > I mean squid-1 has: > > cache_peer parent.domain parent 80803130 > > > But some sites are unaccessible, in special those sites with url having an > "?" > > for example: > > 1242674301.146104 10.128.255.189 TCP_MISS/503 1415 GET > http://ar.yahoo.com/? - DIRECT/209.191.93.55 text/html > You will get a better trace of these without stripping the query string. http://www.squid-cache.org/Doc/config/strip_query_terms/ > > and browser shows: > > Error > The requested URL could not be retrieved > > While trying to retrieve the URL http://ar.yahoo.com/? > > The following error was encountered: > > *Connection to 209.191.93.55 > > The system returned: > > (111) Connectio0n refused > > > Also, On the squid-1 iptables are doing REDIRECT. > > Please could you tell me what's wrong? By default dynamic pages cannot be trusted through peers. Squid up until very recently added no-cache to peer requests (IIRC), which screws up the bandwidth savings. So while its safe enough to turn on caching of dynamic pages it's still a sticky issue if they pass through peers. http://www.squid-cache.org/Doc/config/hierarchy_stoplist/ Your trace shows Squid-1 is not using the squid-2 as a source, its just trying to go there DIRECTly. And the source is actively doing a TCP level reset/denial. Amos
[squid-users] TCP_MISS/503 and icp
Hi, I have some hosts that use one squid-1 server that has a squid-2 parent: I mean squid-1 has: cache_peer parent.domain parent 80803130 But some sites are unaccessible, in special those sites with url having an "?" for example: 1242674301.146104 10.128.255.189 TCP_MISS/503 1415 GET http://ar.yahoo.com/? - DIRECT/209.191.93.55 text/html and browser shows: Error The requested URL could not be retrieved While trying to retrieve the URL http://ar.yahoo.com/? The following error was encountered: *Connection to 209.191.93.55 The system returned: (111) Connectio0n refused Also, On the squid-1 iptables are doing REDIRECT. Please could you tell me what's wrong? Thanks in advance! -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin -
Re: [squid-users] TCP_MISS/503
On tis, 2008-05-20 at 16:08 -0300, Mauricio Paulo de Sousa wrote: > my squid, yestarday, started to make it, how you can see it is showing > TCP_MISS/503""", and not TCP_MISS/200 how is the normal. > Have any idea, how can i fix it?? What error is shown in the browser? Note: If using MSIE then you need to disable "friendly error messages" in the internet settings to see the actual error... Firefox and most others is knind enough to actually show the error to the user by default. Regards Henrik signature.asc Description: This is a digitally signed message part
[squid-users] TCP_MISS/503
Hello all, my squid, yestarday, started to make it, how you can see it is showing TCP_MISS/503""", and not TCP_MISS/200 how is the normal. Have any idea, how can i fix it?? OS version: slackware 11.0 squid version: 2.6.STABLE13 1211309869.395 88 10.0.7.3 TCP_MISS/503 1567 GET http://www.realmac.com.br/webmail - DIRECT/www.realmac.com.br text/html 1211309888.669 66 10.0.7.3 TCP_MISS/503 1550 GET http://www.unoesc.edu.br/ - DIRECT/www.unoesc.edu.br text/html 1211309896.780 5097 10.0.7.3 TCP_MISS/503 1550 GET http://www.unoesc.edu.br/ - DIRECT/www.unoesc.edu.br text/html thanks to all. -- Mauricio Paulo de Sousa
RE: [squid-users] TCP_MISS/503 0 CONNECT
ons 2007-03-07 klockan 07:37 + skrev Mehmet, Levent (Accenture): > But I have tried this with a directly connected pc t the internet ad it > works. But this site is only contactable via the software on port 1935 > or 443 or 80 for both TCP protocol and RTMP protocol ? I could only contact the server on port tcp/1935. port 80 immediately gave "connection refused". port 443 never responded at all (looks firewalled), resulting in a timeout after a long wait.. port 1935 accepted connections, but I don't know for what so I have not tried to actually use it.. (only opened the TCP connection). Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] TCP_MISS/503 0 CONNECT
But I have tried this with a directly connected pc t the internet ad it works. But this site is only contactable via the software on port 1935 or 443 or 80 for both TCP protocol and RTMP protocol ? The error appears when the application hangs with an error trying to connect 'Error occurred while trying to connect the vitero flash communication server. The server with the address viteroaudio.emea.europa.eu could not be connected. Please contact you systems administrator' -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: 06 March 2007 20:51 To: Mehmet, Levent (Accenture) Cc: squid-users@squid-cache.org Subject: Re: [squid-users] TCP_MISS/503 0 CONNECT tis 2007-03-06 klockan 16:54 + skrev Mehmet, Levent (Accenture): > > Please can someone explain what is happening below: > > TCP_MISS/503 0 CONNECT viteroaudio.emea.eurpoa.eu:443 - > DIRECT/195.144.18.193 - TCP_MISS/503 means Squid failed to connect to the requested server. > I am unable to access this site via a application that uses > viteroaudio.emea.europa.eu using port 1935 or 443 or 80 for both TCP > protocol and RTMP protocol ? Same here.. and same results using MSIE on Windows 2000 directly connected to the Internet without proxy... So I don't think it's a Squid issue.. Regards Henrik This email and any files transmitted with it are confidential. If you are not the intended recipient, any reading, printing, storage, disclosure, copying or any other action taken in respect of this email is prohibited and may be unlawful. If you are not the intended recipient, please notify the sender immediately by using the reply function and then permanently delete what you have received.Incoming and outgoing email messages are routinely monitored for compliance with the Department of Healths policy on the use of electronic communications. For more information on the Department of Healths email policy, click http://www.dh.gov.uk/DHTermsAndConditions/fs/en?CONTENT_ID=4110945&chk=x1C3Zw The original of this email was scanned for viruses by Government Secure Intranet (GSi) virus scanning service supplied exclusively by Cable & Wireless in partnership with MessageLabs. On leaving the GSI this email was certified virus free. The MessageLabs Anti Virus Service is the first managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK Government quality mark initiative for information security products and services. For more information about this please visit www.cctmark.gov.uk
Re: [squid-users] TCP_MISS/503 0 CONNECT
tis 2007-03-06 klockan 16:54 + skrev Mehmet, Levent (Accenture): > > Please can someone explain what is happening below: > > TCP_MISS/503 0 CONNECT viteroaudio.emea.eurpoa.eu:443 - > DIRECT/195.144.18.193 - TCP_MISS/503 means Squid failed to connect to the requested server. > I am unable to access this site via a application that uses > viteroaudio.emea.europa.eu using port 1935 or 443 or 80 for both TCP > protocol and RTMP protocol ? Same here.. and same results using MSIE on Windows 2000 directly connected to the Internet without proxy... So I don't think it's a Squid issue.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] TCP_MISS/503 0 CONNECT
Please can someone explain what is happening below: TCP_MISS/503 0 CONNECT viteroaudio.emea.eurpoa.eu:443 - DIRECT/195.144.18.193 - I am unable to access this site via a application that uses viteroaudio.emea.europa.eu using port 1935 or 443 or 80 for both TCP protocol and RTMP protocol ? I dont get a error message ? Do i need to allow something on squid ? Below is my acl list: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT Regards Levent Mehmet Network Team Lead The Accenture MHRA Operate Unit Market Towers, 20th Floor 1 Nine Elms Lane London SW8 5NQ E-mail: [EMAIL PROTECTED] Phone: +44 20 7084 3517 Fax: +44 20 7084 2627 This email and any files transmitted with it are confidential. If you are not the intended recipient, any reading, printing, storage, disclosure, copying or any other action taken in respect of this email is prohibited and may be unlawful. If you are not the intended recipient, please notify the sender immediately by using the reply function and then permanently delete what you have received.Incoming and outgoing email messages are routinely monitored for compliance with the Department of Healths policy on the use of electronic communications. For more information on the Department of Healths email policy, click http://www.dh.gov.uk/DHTermsAndConditions/fs/en?CONTENT_ID=4110945&chk=x1C3Zw The original of this email was scanned for viruses by Government Secure Intranet (GSi) virus scanning service supplied exclusively by Cable & Wireless in partnership with MessageLabs. On leaving the GSI this email was certified virus free. The MessageLabs Anti Virus Service is the first managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK Government quality mark initiative for information security products and services. For more information about this please visit www.cctmark.gov.uk
Re: [squid-users] TCP_MISS/503
fre 2006-07-21 klockan 15:28 +0200 skrev Fabio: > hi everyone > I have a BIG problem I can't solve with my squid. > sometimes (randomly) I have an error in retrieving the URL > in logs it appears as: > 1153487449.160 2211 10.91.195.69 TCP_MISS/503 1660 GET > http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3 > - > NONE/- text/html Anything in cache.log? What appears in the browser? Note: if using MSIE then you probably need to disable "Show user friendly error messages" in the advanced internet settings to stop IE from replacing the error message with a generic "an error occurred" message designed by Microsoft to make users less aware of what is going on... > from what it's depends? Can be a wide variety of different things unfortunately. > where can I find the explanation of the error codes? The FAQ has a section explaining many. In this case TCP_MISS indicates it was a cache miss, and /503 indicates that Squid could not contact the requested server for some reason. The full details was shown in the error message sent to the client. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] TCP_MISS/503
Fabio wrote: hi everyone I have a BIG problem I can't solve with my squid. sometimes (randomly) I have an error in retrieving the URL in logs it appears as: 1153487449.160 2211 10.91.195.69 TCP_MISS/503 1660 GET http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3 - NONE/- text/html 1153487449.332 1 10.91.195.69 TCP_MISS/503 1538 GET http://www.sing365.com/favicon.ico - NONE/- text/html 1153487455.352 45 10.91.195.69 TCP_MISS/503 1660 GET http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3 - NONE/- text/html from what it's depends? where can I find the explanation of the error codes? regards, Hello Fabio, *TCP_MISS* message will come when the requested object is not in the cache. For more details about squid status codes visit at: http://wiki.squid-cache.org/SquidFaq/SquidLogs#head-2914f3a846d41673d4ae34018142e672b8f258ce. -- Thanks, Visolve Squid Team, http://squid.visolve.com
[squid-users] TCP_MISS/503
hi everyone I have a BIG problem I can't solve with my squid. sometimes (randomly) I have an error in retrieving the URL in logs it appears as: 1153487449.160 2211 10.91.195.69 TCP_MISS/503 1660 GET http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3 - NONE/- text/html 1153487449.332 1 10.91.195.69 TCP_MISS/503 1538 GET http://www.sing365.com/favicon.ico - NONE/- text/html 1153487455.352 45 10.91.195.69 TCP_MISS/503 1660 GET http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3 - NONE/- text/html from what it's depends? where can I find the explanation of the error codes? regards, fabio
Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode
> It is probably a good time to run a "squid -k debug" dump to verify that > your Squid is properly identifying the connection as intercepted and > resolving the original destination IP. Ok. One thing I noticed is these three mime_get_header rows that is seen in squid-2.5 but not in squid-3.0 2004/09/29 12:00:05| mime_get_header: looking for 'Host' 2004/09/29 12:00:05| mime_get_header: checking 'Host: www.squid-cache.org' 2004/09/29 12:00:05| mime_get_header: returning 'www.squid-cache.org' 2004/09/29 12:00:05| parseHttpRequest: Complete request received Would that mean that squid-3.0 don't see the connection as intercepted on my system? And if it does, am I out of luck then? ;-) /Andreas
Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode
On Tue, 28 Sep 2004, Andreas Pettersson wrote: Is there anything at all in cache.log which may be relevant? Earlier the following occured, but I'm not sure exactly what configuration I was running at the time (I have tested a LOT of different configurations.. I might have run some stupid conf..) 2004/09/28 11:36:37| Failed to select source for 'http://www.domain.se/' 2004/09/28 11:36:37| always_direct = 0 2004/09/28 11:36:37|never_direct = 0 2004/09/28 11:36:37|timedout = 0 This is a new one... never seen that before. Another thing I have noticed in cache.log was before I recompiled my kernel with IPFIREWALL and IPFIREWALL_FORWARD. I loaded ipfw manually after boot instead (kldload ipfw) but that wouldn't do it for squid, which complained with this: parseHttpRequest: NAT open failed: (2) No such file or directory If you see this then transparent interception won't work as Squid won't have a clue on how to resolve the intercepted connections correctly. You can still configure Squid-3 as an accelerator for all domains of the whole Internet using the vhost directive, much like Squid-2 worked. The main difference is that Squid-3 automatically enables never_direct on accelerated requests (but not on transparently intercepted requests) and you would need to counter this by using the always_direct directive. All google hits stated that /dev/nat was missing on my system. But after kernel recompilation /dev/nat is still missing. The nat device is called /dev/ipnat. Squid knows both. However the error message does no longer appear in cache.log. I don't know if it has anything to do with my problem, but I think it's worth mentioning. It is probably a good time to run a "squid -k debug" dump to verify that your Squid is properly identifying the connection as intercepted and resolving the original destination IP. Regards Henrik
Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode
> Is there anything at all in cache.log which may be relevant? Earlier the following occured, but I'm not sure exactly what configuration I was running at the time (I have tested a LOT of different configurations.. I might have run some stupid conf..) 2004/09/28 11:36:37| Failed to select source for 'http://www.domain.se/' 2004/09/28 11:36:37| always_direct = 0 2004/09/28 11:36:37|never_direct = 0 2004/09/28 11:36:37|timedout = 0 Another thing I have noticed in cache.log was before I recompiled my kernel with IPFIREWALL and IPFIREWALL_FORWARD. I loaded ipfw manually after boot instead (kldload ipfw) but that wouldn't do it for squid, which complained with this: parseHttpRequest: NAT open failed: (2) No such file or directory All google hits stated that /dev/nat was missing on my system. But after kernel recompilation /dev/nat is still missing. The nat device is called /dev/ipnat. However the error message does no longer appear in cache.log. I don't know if it has anything to do with my problem, but I think it's worth mentioning. /Andreas
Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode
On Tue, 28 Sep 2004, Andreas Pettersson wrote: http_port 127.0.0.1:80 transparent This is not working. "Invalid URL" (NONE/400 1749 GET / - NONE/- text/html) Is there anything at all in cache.log which may be relevant? Since the redirection has proven to be working I assume there's something wrong with my squid3, but I just cannot get a grip of what... :-/ It is possible the firewall integration is not working properly on your OS. Squid-3 is still under development and a lot of testing remains.. Regards Henrik
Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode
> > it stops working. The browser indicates that it has contact with the web server, > > but nothing happens. After some time this may appear in access.log: > > TCP_MISS/000 0 GET http://idg.se:8090/ - NONE/- - > > If it gets this far the redirection works but something prevents Squid > from making the requests out to the Internet. > > Regards > Henrik Weird.. Let's step a few steps back and forget all high ports. Ipfw is forwarding all http packets to localhost port 80 as described earlier. Squid-2.5STABLE7-RC1 (Note: NOT compiled with --enable-ipf-transparent) squid.conf: http_port 80 httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on This is working. I shutdown Squid-2.5 and start Squid-3 instead (compiled with --enable-ipf-transparent) squid.conf: http_port 127.0.0.1:80 transparent This is not working. "Invalid URL" (NONE/400 1749 GET / - NONE/- text/html) Since the redirection has proven to be working I assume there's something wrong with my squid3, but I just cannot get a grip of what... :-/ Anyway, I'm really appreciating all you help, Henrik. /Andreas
Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode
On Tue, 28 Sep 2004, Andreas Pettersson wrote: it stops working. The browser indicates that it has contact with the web server, but nothing happens. After some time this may appear in access.log: TCP_MISS/000 0 GET http://idg.se:8090/ - NONE/- - If it gets this far the redirection works but something prevents Squid from making the requests out to the Internet. Regards Henrik
Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode
> When running Squid-3 instead the problem is these log entries: > NONE/400 1749 GET / - NONE/- text/html > which of course generates "Invalid URL" in the browser. I forgot to mention, there's no errors in cache.log. /Andreas
Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode
> The error indicates Squid does not realize these connections have been > transparently intercepted. > > Make sure you have the correct --enable-- option for integrating Squid > with your OS firewall, and no related errors in cache.log. > > Regards > Henrik Good point. I had missed that. However it still doesn't work.. I have followed all instructions on http://www.squid-cache.org/Doc/FAQ/FAQ-17.html . It actually works with Squid 2.5, but only when the hijacked packets are redirected to port 80. If I change http_port 80 to http_port 8090, and httpd_accel_port from 80 to 8090, and use this ipfw command: ipfw add 50 fwd 127.0.0.1 tcp from any to any 80 instead of ipfw add 50 fwd 127.0.0.1,8090 tcp from any to any 80 it stops working. The browser indicates that it has contact with the web server, but nothing happens. After some time this may appear in access.log: TCP_MISS/000 0 GET http://idg.se:8090/ - NONE/- - I suspect there's something wrong with the packet forwarding.. When running Squid-3 instead the problem is these log entries: NONE/400 1749 GET / - NONE/- text/html which of course generates "Invalid URL" in the browser. /Andreas
Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode
On Sun, 26 Sep 2004, Andreas Pettersson wrote: squid.conf: http_port :8093 transparent vhost Don't use the vhost directive. This is for accelerator mode, not transparent proxies. Regards Henrik
[squid-users] TCP_MISS/503 with Squid-3 in transparent mode
Hi all. I thought it was about time to do some heavy testing of Squid-3 (3.0-PRE3-20040830), but almost immediately I ran into problems.. I'm using FreeBSD 5.1 as a gateway with 2 NICs and has set up the following ipfw rules: allow tcp from to any allow tcp from to any fwd ,8093 tcp from to any dst-port 80 squid.conf: http_port :8093 transparent vhost The same squid config also serves an ordinary proxy service at port 8083, which is working perfectly. But when intercepting the web traffic the following shows up in access.log: TCP_MISS/503 2143 GET http://server.com/ - NONE/- text/html The client is presented an error page saying "Unable to forward this request at this time." Have I missed something essential? Thanks in advance. /Andreas
Re: [squid-users] TCP_MISS/503 Errors.
Marc Hultquist wrote: I am very new to squid ! And while yes I have been able to setup a squid proxy server, it has been fine up until now. Let me basically explain my setup quickly. Squid Proxy Server(10.240.1.242:8000) Wireless 2mb connection. The users will basically authenticate against the squid proxy server against the local acl files located in /var/squid, it does not have a problem with the authing against the files, but where it seems to fail is that no matter what site the users try to go to, it will show them the following message While trying to retrieve the URL: http://www.genetech.co.za/ The following error was encountered: * Connection Failed The system returned: (111) Connection refused The remote host or network may be down. Please try the request again. Your cache administrator is [EMAIL PROTECTED] and in the /var/log/squid/access.log file I see the following. 1086939227.215 5936 10.240.1.208 TCP_MISS/503 1023 GET http://www.genetech.co.za/ marc NONE/- - and no matter _what_ site the users or myself go to it will give the same error, and shows the same line in the access.log file. I then try using another proxy on the network and everything works 100% ! ? I phoned the service provider and well they seem to think their is not a single problem with the wireless tower in our area, I do have full signal, but yes I just cannot seem to resolve anything ? ANY help would be appretiated The 503 code indicates that the server is temporarily unable to process the client's request. A server overloaded may use this code to let the client know that it can retry the request later. What differences do you have between the proxys that works ok and this proxy?. Emilio C.
Re: [squid-users] TCP_MISS/503 Errors.
> While trying to retrieve the URL: http://www.genetech.co.za/ > The following error was encountered: > * Connection Failed > The system returned: > (111) Connection refused > The remote host or network may be down. Please try the request again. > Your cache administrator is [EMAIL PROTECTED] > > and in the /var/log/squid/access.log file I see the following. > > 1086939227.215 5936 10.240.1.208 TCP_MISS/503 1023 GET > http://www.genetech.co.za/ marc NONE/- - > The problem may be because of network service. 503 code indicates Service unavailable. If you get that message ,remote the proxy setting in browser and check again. If you can access the net then it may be problem on proxy. Else the problem is with the service. Regards, Muthukumar. --- === It is a "Virus Free Mail" === Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004
[squid-users] TCP_MISS/503 Errors.
I am very new to squid ! And while yes I have been able to setup a squid proxy server, it has been fine up until now. Let me basically explain my setup quickly. Squid Proxy Server(10.240.1.242:8000) Wireless 2mb connection. The users will basically authenticate against the squid proxy server against the local acl files located in /var/squid, it does not have a problem with the authing against the files, but where it seems to fail is that no matter what site the users try to go to, it will show them the following message While trying to retrieve the URL: http://www.genetech.co.za/ The following error was encountered: * Connection Failed The system returned: (111) Connection refused The remote host or network may be down. Please try the request again. Your cache administrator is [EMAIL PROTECTED] and in the /var/log/squid/access.log file I see the following. 1086939227.215 5936 10.240.1.208 TCP_MISS/503 1023 GET http://www.genetech.co.za/ marc NONE/- - and no matter _what_ site the users or myself go to it will give the same error, and shows the same line in the access.log file. I then try using another proxy on the network and everything works 100% ! ? I phoned the service provider and well they seem to think their is not a single problem with the wireless tower in our area, I do have full signal, but yes I just cannot seem to resolve anything ? ANY help would be appretiated -- Marc Hultquist ([EMAIL PROTECTED]) Computerkit Systems (Pty) Ltd http://www.cks.co.za (P) +27 11 695 5317 (F) +27 11 312 1408 (C) +27 82 563 2861 Quote: "Chances are that if you do something that required two hands, your brain should be notified in advance" Confidentiality Notice: The above message and all attachments may contain privileged and confidential information intended only for the person or entity to which it is addressed. Any review, retransmission, dissemination, copy or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and thereafter delete the material from your computer. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the view of the entity transmitting the message. Computerkit Retail Systems (Pty) Ltd hereby distances itself from and accepts no liability in respect of the unauthorised use of its e-mail facility or the sending of e-mail communications for other than strictly business purposes