Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SQuid - TCP_MISS/503

    Scheduled Pinned Locked Moved Portuguese
    8 Posts 3 Posters 5.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pereira285
      last edited by

      Boa tarde

      Trabalho com o squid a bastante tempo e estou tendo problemas apos ter uma atualização no servidor de e-mail Zimbra que nos fornece serviço.
      Apresenta erro ERR_TUNNEL_CONNECTION_FAILED e no Log apresenta TCP_MISS/503.

      Caso alguém consiga me ajudar serei muito grato.

      Desde ja agradeço
      André Pereira

      1 Reply Last reply Reply Quote 0
      • A
        andr3.ribeiro
        last edited by

        https://forum.pfsense.org/index.php?topic=103546.0

        1 Reply Last reply Reply Quote 0
        • P
          pereira285
          last edited by

          Boa tarde andr3.ribeiro

          Cheguei a verificar as configurações do squid, porem onde ja esta configurado fica no /usr/local/pkg/squid.inc;
          Todas as configs estão batendo.
          E o mais estranho é que quando eu limpo o cache do navegador ele funciona por alguns instantes e depois para novamente.

          Teria mais alguma dica?

          Grato.

          1 Reply Last reply Reply Quote 0
          • J
            jvicente
            last edited by

            já colocou seu squid para não fazer cache no seu squid?

            1 Reply Last reply Reply Quote 0
            • A
              andr3.ribeiro
              last edited by

              TCP_MISS/503 significa que foi buscado o endereço no cache.
              Manda um print aí das suas confs de cache!

              1 Reply Last reply Reply Quote 0
              • J
                jvicente
                last edited by

                @jvicente:

                já colocou seu squid para não fazer cache no seu squid?

                adicione seu dominio ou o endereço do seu webmail para não fazer cache.

                1 Reply Last reply Reply Quote 0
                • P
                  pereira285
                  last edited by

                  Bom dia
                  Segue meu squid.conf

                  
                  # This file is automatically generated by pfSense
                  # Do not edit manually !
                  
                  http_port 172.16.0.30:3128
                  icp_port 0
                  dns_v4_first on
                  pid_filename /var/run/squid/squid.pid
                  cache_effective_user proxy
                  cache_effective_group proxy
                  error_default_language pt-br
                  icon_directory /usr/pbi/squid-i386/local/etc/squid/icons
                  visible_hostname ProxyOba
                  cache_mgr tidf@redeoba.com.br
                  access_log /var/squid/logs/access.log
                  cache_log /var/squid/logs/cache.log
                  cache_store_log none
                  netdb_filename /var/squid/logs/netdb.state
                  pinger_enable on
                  pinger_program /usr/pbi/squid-i386/local/libexec/squid/pinger
                  
                  logfile_rotate 10
                  debug_options rotate=10
                  shutdown_lifetime 3 seconds
                  # Allow local network(s) on interface(s)
                  acl localnet src  172.16.0.0/24
                  forwarded_for on
                  uri_whitespace strip
                  
                  acl dynamic urlpath_regex cgi-bin \?
                  cache deny dynamic
                  
                  # Windows Update refresh_pattern
                  range_offset_limit -1
                  refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
                  refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
                  refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
                  
                  # Symantec refresh_pattern
                  range_offset_limit -1
                  refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
                  refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
                  
                  # Avast refresh_pattern
                  range_offset_limit -1
                  refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims
                  
                  # Avira refresh_pattern
                  range_offset_limit -1
                  refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims
                  
                  cache_mem 128 MB
                  maximum_object_size_in_memory 32 KB
                  memory_replacement_policy heap GDSF
                  cache_replacement_policy heap LFUDA
                  cache_dir ufs /var/squid/cache 6000 128 256
                  minimum_object_size 0 KB
                  maximum_object_size 40000 KB
                  offline_mode off
                  cache_swap_low 70
                  cache_swap_high 95
                  cache allow all
                  
                  # Add any of your own refresh_pattern entries above these.
                  refresh_pattern ^ftp:    1440  20%  10080
                  refresh_pattern ^gopher:  1440  0%  1440
                  refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
                  refresh_pattern .    0  20%  4320
                  
                  # No redirector configured
                  
                  #Remote proxies
                  
                  # Setup some default acls
                  # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
                  # acl localhost src 127.0.0.1/32
                  acl allsrc src all
                  acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 6099 3128 3127 1025-65535 
                  acl sslports port 443 563 6099 
                  
                  # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
                  #acl manager proto cache_object
                  
                  acl purge method PURGE
                  acl connect method CONNECT
                  
                  # Define protocols used for redirects
                  acl HTTP proto HTTP
                  acl HTTPS proto HTTPS
                  acl allowed_subnets src 192.168.100.0/24 192.168.35.0/24 192.168.160.0/24 192.168.7.0/24 192.168.51.0/24 192.168.50.0/24 192.168.53.0/24 192.168.10.0/24 192.168.5.0/24 192.168.11.0/24 192.168.9.0/24
                  acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
                  acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
                  http_access allow manager localhost
                  
                  http_access deny manager
                  http_access allow purge localhost
                  http_access deny purge
                  http_access deny !safeports
                  http_access deny CONNECT !sslports
                  
                  # Always allow localhost connections
                  # From 3.2 further configuration cleanups have been done to make things easier and safer.
                  # The manager, localhost, and to_localhost ACL definitions are now built-in.
                  # http_access allow localhost
                  
                  quick_abort_min 0 KB
                  quick_abort_max 0 KB
                  request_body_max_size 128 KB
                  reply_body_max_size 40000 KB allsrc 
                  delay_pools 1
                  delay_class 1 2
                  delay_parameters 1 -1/-1 -1/-1
                  delay_initial_bucket_level 100
                  delay_access 1 allow allsrc
                  
                  # Reverse Proxy settings
                  
                  # Package Integration
                  url_rewrite_program /usr/pbi/squidguard-i386/bin/squidGuard -c /usr/pbi/squidguard-i386/etc/squidGuard/squidGuard.conf
                  url_rewrite_bypass off
                  url_rewrite_children 16 startup=8 idle=4 concurrency=0
                  
                  # Custom options before auth
                  
                  # Always allow access to whitelist domains
                  http_access allow whitelist
                  # Block access to blacklist domains
                  http_access deny blacklist
                  acl sglog url_regex -i sgr=ACCESSDENIED
                  http_access deny sglog
                  # Setup allowed acls
                  # Allow local network(s) on interface(s)
                  http_access allow allowed_subnets
                  http_access allow localnet
                  # Default block all to be sure
                  http_access deny allsrc
                  
                  
                  1 Reply Last reply Reply Quote 0
                  • P
                    pereira285
                    last edited by

                    Agradeço a ajuda dos srs jvicente e andr3.ribeiro.

                    Identificamos o problema e estava no servidor e e-mail onde estava com dos endereços IP.

                    Agradeço o esforço dos srs.

                    André Pereira

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.