I am currently running Squid 3.3.9 and 3.3.10 on RedHat
Enterprise Server 5 in a reverse-proxy set-up and have an issue when attempting
to upload a file (i.e. .xls) that is larger than 6MB. A 502 error is
thrown by Squid. The backend parent web server is an IIS 7.5 Win2k8 R2.
The oddity is the site functions just fine under the old Squid 2.6.22
version. However, after upgrading to 3.3.9 (and subsequently 3.3.10 to see
if this error resolves), the upload issue of files larger than 6MB still
exists.
The 502 Error from the access.log reads:

1384868971.758 134798 192.250.4.3 TCP_MISS/502 5065 POST https://site.com/products/application/SomeThing/Batch.aspx%c2%a0- FIRSTUP_PARENT/192.168.1.5 text/html

I turned up the debug level to: debug_options ALL,333
This produced the output below in the cache.log file
which showed a “(104) Connection reset by peer” error:

2013/11/20 07:58:09.714 kid1| http.cc(1104) persistentConnStatus: persistentConnStatus: clen=0
2013/11/20 07:58:10.167 kid1| comm.cc(145) commHandleRead: comm_read_try: FD 10, size 16383, retval -1, errno 104
2013/11/20 07:58:10.167 kid1| AsyncCall.cc(85) ScheduleCall: IoCallback.cc(127) will call HttpStateData::readReply(local=192.250.4.3:55985 remote=192.168.1.5:443 FD 10 flags=1, errno=104, flag=-1, data=0x10edade8, size=0, buf=0x10ee9ff0) [call264]
2013/11/20 07:58:10.167 kid1| AsyncCallQueue.cc(51) fireNext: entering HttpStateData::readReply(local=192.250.4.3:55985 remote=192.168.1.5:443 FD 10 flags=1, errno=104, flag=-1, data=0x10edade8, size=0, buf=0x10ee9ff0)
2013/11/20 07:58:10.168 kid1| http.cc(1172) readReply: local=192.250.4.3:55985 remote=192.168.1.5:443 FD 10 flags=1: read failure: (104) Connection reset by peer.
2013/11/20 07:58:10.168 kid1| AsyncJob.cc(131) callEnd: HttpStateData::readReply(local=192.250.4.3:55985 remote=192.168.1.5:443 flags=1, errno=104, flag=-1, data=0x10edade8, size=0, buf=0x10ee9ff0) ends job [ job25]
2013/11/20 07:58:10.168 kid1| AsyncJob.cc(141) callEnd: HttpStateData::readReply(local=192.250.4.3:55985 remote=192.168.1.5:443 flags=1, errno=104, flag=-1, data=0x10edade8, size=0, buf=0x10ee9ff0) ended 0x10edaea8
2013/11/20 07:58:10.168 kid1| AsyncCallQueue.cc(53) fireNext: leaving HttpStateData::readReply(local=192.250.4.3:55985 remote=192.168.1.5:443 flags=1, errno=104, flag=-1, data=0x10edade8, size=0, buf=0x10ee9ff0)
2013/11/20 07:58:10.169 kid1| errorpage.cc(1120) Convert: errorConvert: %%E --> '(104) Connection reset by peer'

I played around with various parameters in the squid.conf
file to no avail:
# Base ACL rules to allow connections on port 80 and 443
acl all src all
acl port80 port 80
acl port443 port 443
http_access allow port80
http_access allow port443
http_access deny all
http_reply_access allow all
# Forces no caching of failed requests
negative_ttl 0
# Timeout value for closing persistent idle connections
pconn_timeout 1 seconds
#request_body_max_size 20 MB
#client_request_buffer_max_size 20 MB
# Turns off some HTTP Headers we do not want exposed
via off
#forwarded_for off
request_header_access From deny all
request_header_access Server deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
request_header_access Proxy-Connection deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access Via deny all
request_header_access Keep-Alive deny all
# SSL HTTP Listeners
https_port 168.250.1.2:443 accel protocol=https vhost cert=/apps/squid/etc/ssl/sslcert.pem cafile=/apps/squid/etc/ssl/verisign.pem defaultsite=site.com
# SSL Cache Peer
cache_peer 192.168.1.5 parent 443 0 proxy-only originserver ssl name=pilot_ssl ssldomain=site.com sslflags=DONT_VERIFY_PEER
# SSL ACL
acl pilot_ssl_IP_acl myip 168.250.1.2
# SSL Cache Peer Access
cache_peer_access pilot_ssl allow pilot_ssl_IP_acl port443
Squid was compiled in this manner:
./configure --prefix=/apps/squid3.3.9 --enable-icmp \
  --enable-ssl --with-openssl=/apps/ssl --disable-internal-dns --disable-ipv6 \
  --with-large-files \
  --enable-external-acl-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,DB,squid_radius_auth
As I mentioned before, everything works just fine under
Squid 2.6.22 hitting the exact same back-end web server. However, it
breaks on Squid 3.3.9 and Squid 3.3.10. Something appears to have changed
in the manner in which the connection/buffer/something functions between Squid
3.3.x and the back-end parent server that causes the hiccup with 6MB or larger
files. Attempted to change the timeout value on the back-end parent
server (IIS Windows) to 240 seconds, however all that did was cause the timeout
to happen at the 240 second mark rather than the default 120 second mark.
It is as if something causes a stall between Squid and IIS as the file
upload never actually makes it to the back-end parent server. Again, this
functions just fine under Squid 2.6.22 so something is amiss.
Any assistance would be greatly appreciated to resolve or
further troubleshoot this issue. Thanks!
Received on Thu Nov 21 2013 - 16:51:06 MST
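
A triage helper for the symptom described in the message above, as an added example that is not part of the original post or of Squid's own tooling: it pairs 502 entries in access.log with "read failure" lines in cache.log for the same peer, so a reset upstream connection can be tied to the request it broke. The function names, the 2-second window, the utc_offset_hours parameter (cache.log uses local time) and the sample lines are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Squid native access.log: time elapsed client code/status bytes method URL ident hier/peer type
ACCESS_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+[A-Z_]+/(?P<status>\d{3})\s+"
    r"\d+\s+(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+[A-Z_]+/(?P<peer>\S+)\s+\S+$")
# cache.log debug line written by readReply when the read from the peer fails
READFAIL_RE = re.compile(
    r"^(?P<when>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\.(?P<ms>\d{3}) kid\d+\| http\.cc\(\d+\) readReply: "
    r"local=\S+ remote=(?P<peer>[\d.]+):\d+ .*read failure: \((?P<errno>\d+)\) (?P<msg>.*?)\.?$")

def upstream_502s(access_lines):
    """Return parsed access.log entries where the proxy answered 502."""
    hits = []
    for line in access_lines:
        m = ACCESS_RE.match(line.strip())
        if m and m["status"] == "502":
            hits.append({"ts": float(m["ts"]), "elapsed_s": int(m["elapsed"]) / 1000,
                         "method": m["method"], "url": m["url"], "peer": m["peer"]})
    return hits

def read_failures(cache_lines, utc_offset_hours=0):
    """Return (epoch, peer, errno, message) for each upstream read failure."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    out = []
    for line in cache_lines:
        m = READFAIL_RE.match(line.strip())
        if m:
            t = datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S").replace(tzinfo=tz)
            out.append((t.timestamp() + int(m["ms"]) / 1000, m["peer"], int(m["errno"]), m["msg"]))
    return out

def correlate(access_lines, cache_lines, window_s=2.0, utc_offset_hours=0):
    """Pair each 502 with read failures to the same peer logged within window_s seconds."""
    fails = read_failures(cache_lines, utc_offset_hours)
    return [(hit, f) for hit in upstream_502s(access_lines) for f in fails
            if f[1] == hit["peer"] and abs(hit["ts"] - f[0]) <= window_s]

# Constructed sample input modelled on the lines quoted in the post (one entry per line).
SAMPLE_ACCESS = [
    "1384934290.170 134798 192.250.4.3 TCP_MISS/502 5065 POST https://site.com/upload.aspx - FIRSTUP_PARENT/192.168.1.5 text/html",
    "1384934295.002 210 192.250.4.3 TCP_MISS/200 812 GET https://site.com/ - FIRSTUP_PARENT/192.168.1.5 text/html",
]
SAMPLE_CACHE = ["2013/11/20 07:58:10.168 kid1| http.cc(1172) readReply: local=192.250.4.3:55985 remote=192.168.1.5:443 FD 10 flags=1: read failure: (104) Connection reset by peer."]

if __name__ == "__main__":
    for hit, (t, peer, errno, msg) in correlate(SAMPLE_ACCESS, SAMPLE_CACHE):
        print(f"{hit['method']} {hit['url']} -> 502 after {hit['elapsed_s']:.1f}s; peer {peer} errno {errno}: {msg}")
```

The elapsed time on a paired 502 is worth comparing with the back-end's connection timeout: an elapsed value just past that timeout points at the peer closing a stalled upload rather than at the proxy rejecting it.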