SQuid - TCP_MISS/503



  • Boa tarde

    Trabalho com o squid a bastante tempo e estou tendo problemas apos ter uma atualização no servidor de e-mail Zimbra que nos fornece serviço.
    Apresenta erro ERR_TUNNEL_CONNECTION_FAILED e no Log apresenta TCP_MISS/503.

    Caso alguém consiga me ajudar serei muito grato.

    Desde ja agradeço
    André Pereira





  • Boa tarde andr3.ribeiro

    Cheguei a verificar as configurações do squid, porem onde ja esta configurado fica no /usr/local/pkg/squid.inc;
    Todas as configs estão batendo.
    E o mais estranho é que quando eu limpo o cache do navegador ele funciona por alguns instantes e depois para novamente.

    Teria mais alguma dica?

    Grato.



  • já colocou seu squid para não fazer cache no seu squid?



  • TCP_MISS/503 significa que foi buscado o endereço no cache.
    Manda um print aí das suas confs de cache!



  • @jvicente:

    já colocou seu squid para não fazer cache no seu squid?

    adicione seu dominio ou o endereço do seu webmail para não fazer cache.



  • Bom dia
    Segue meu squid.conf

    
    # This file is automatically generated by pfSense
    # Do not edit manually !
    
    http_port 172.16.0.30:3128
    icp_port 0
    dns_v4_first on
    pid_filename /var/run/squid/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_default_language pt-br
    icon_directory /usr/pbi/squid-i386/local/etc/squid/icons
    visible_hostname ProxyOba
    cache_mgr tidf@redeoba.com.br
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    netdb_filename /var/squid/logs/netdb.state
    pinger_enable on
    pinger_program /usr/pbi/squid-i386/local/libexec/squid/pinger
    
    logfile_rotate 10
    debug_options rotate=10
    shutdown_lifetime 3 seconds
    # Allow local network(s) on interface(s)
    acl localnet src  172.16.0.0/24
    forwarded_for on
    uri_whitespace strip
    
    acl dynamic urlpath_regex cgi-bin \?
    cache deny dynamic
    
    # Windows Update refresh_pattern
    range_offset_limit -1
    refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
    refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
    refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
    
    # Symantec refresh_pattern
    range_offset_limit -1
    refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
    refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
    
    # Avast refresh_pattern
    range_offset_limit -1
    refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims
    
    # Avira refresh_pattern
    range_offset_limit -1
    refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims
    
    cache_mem 128 MB
    maximum_object_size_in_memory 32 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    cache_dir ufs /var/squid/cache 6000 128 256
    minimum_object_size 0 KB
    maximum_object_size 40000 KB
    offline_mode off
    cache_swap_low 70
    cache_swap_high 95
    cache allow all
    
    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp:    1440  20%  10080
    refresh_pattern ^gopher:  1440  0%  1440
    refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
    refresh_pattern .    0  20%  4320
    
    # No redirector configured
    
    #Remote proxies
    
    # Setup some default acls
    # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
    # acl localhost src 127.0.0.1/32
    acl allsrc src all
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 6099 3128 3127 1025-65535 
    acl sslports port 443 563 6099 
    
    # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
    #acl manager proto cache_object
    
    acl purge method PURGE
    acl connect method CONNECT
    
    # Define protocols used for redirects
    acl HTTP proto HTTP
    acl HTTPS proto HTTPS
    acl allowed_subnets src 192.168.100.0/24 192.168.35.0/24 192.168.160.0/24 192.168.7.0/24 192.168.51.0/24 192.168.50.0/24 192.168.53.0/24 192.168.10.0/24 192.168.5.0/24 192.168.11.0/24 192.168.9.0/24
    acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
    acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
    http_access allow manager localhost
    
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports
    
    # Always allow localhost connections
    # From 3.2 further configuration cleanups have been done to make things easier and safer.
    # The manager, localhost, and to_localhost ACL definitions are now built-in.
    # http_access allow localhost
    
    quick_abort_min 0 KB
    quick_abort_max 0 KB
    request_body_max_size 128 KB
    reply_body_max_size 40000 KB allsrc 
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow allsrc
    
    # Reverse Proxy settings
    
    # Package Integration
    url_rewrite_program /usr/pbi/squidguard-i386/bin/squidGuard -c /usr/pbi/squidguard-i386/etc/squidGuard/squidGuard.conf
    url_rewrite_bypass off
    url_rewrite_children 16 startup=8 idle=4 concurrency=0
    
    # Custom options before auth
    
    # Always allow access to whitelist domains
    http_access allow whitelist
    # Block access to blacklist domains
    http_access deny blacklist
    acl sglog url_regex -i sgr=ACCESSDENIED
    http_access deny sglog
    # Setup allowed acls
    # Allow local network(s) on interface(s)
    http_access allow allowed_subnets
    http_access allow localnet
    # Default block all to be sure
    http_access deny allsrc
    
    


  • Agradeço a ajuda dos srs jvicente e andr3.ribeiro.

    Identificamos o problema e estava no servidor e e-mail onde estava com dos endereços IP.

    Agradeço o esforço dos srs.

    André Pereira


Log in to reply