Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SQuid - TCP_MISS/503

    Scheduled Pinned Locked Moved Portuguese
    8 Posts 3 Posters 5.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pereira285
      last edited by

      Boa tarde

      Trabalho com o squid a bastante tempo e estou tendo problemas apos ter uma atualização no servidor de e-mail Zimbra que nos fornece serviço.
      Apresenta erro ERR_TUNNEL_CONNECTION_FAILED e no Log apresenta TCP_MISS/503.

      Caso alguém consiga me ajudar serei muito grato.

      Desde ja agradeço
      André Pereira

      1 Reply Last reply Reply Quote 0
      • A
        andr3.ribeiro
        last edited by

        https://forum.pfsense.org/index.php?topic=103546.0

        1 Reply Last reply Reply Quote 0
        • P
          pereira285
          last edited by

          Boa tarde andr3.ribeiro

          Cheguei a verificar as configurações do squid, porem onde ja esta configurado fica no /usr/local/pkg/squid.inc;
          Todas as configs estão batendo.
          E o mais estranho é que quando eu limpo o cache do navegador ele funciona por alguns instantes e depois para novamente.

          Teria mais alguma dica?

          Grato.

          1 Reply Last reply Reply Quote 0
          • J
            jvicente
            last edited by

            já colocou seu squid para não fazer cache no seu squid?

            1 Reply Last reply Reply Quote 0
            • A
              andr3.ribeiro
              last edited by

              TCP_MISS/503 significa que foi buscado o endereço no cache.
              Manda um print aí das suas confs de cache!

              1 Reply Last reply Reply Quote 0
              • J
                jvicente
                last edited by

                @jvicente:

                já colocou seu squid para não fazer cache no seu squid?

                adicione seu dominio ou o endereço do seu webmail para não fazer cache.

                1 Reply Last reply Reply Quote 0
                • P
                  pereira285
                  last edited by

                  Bom dia
                  Segue meu squid.conf

                  
# This file is automatically generated by pfSense
# Do not edit manually !

http_port 172.16.0.30:3128
icp_port 0
dns_v4_first on
pid_filename /var/run/squid/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language pt-br
icon_directory /usr/pbi/squid-i386/local/etc/squid/icons
visible_hostname ProxyOba
cache_mgr tidf@redeoba.com.br
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
netdb_filename /var/squid/logs/netdb.state
pinger_enable on
pinger_program /usr/pbi/squid-i386/local/libexec/squid/pinger

logfile_rotate 10
debug_options rotate=10
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  172.16.0.0/24
forwarded_for on
uri_whitespace strip

acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic

# Windows Update refresh_pattern
range_offset_limit -1
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims

# Symantec refresh_pattern
range_offset_limit -1
refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims

# Avast refresh_pattern
range_offset_limit -1
refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims

# Avira refresh_pattern
range_offset_limit -1
refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims

cache_mem 128 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 6000 128 256
minimum_object_size 0 KB
maximum_object_size 40000 KB
offline_mode off
cache_swap_low 70
cache_swap_high 95
cache allow all

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:    1440  20%  10080
refresh_pattern ^gopher:  1440  0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
refresh_pattern .    0  20%  4320

# No redirector configured

#Remote proxies

# Setup some default acls
# From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
# acl localhost src 127.0.0.1/32
acl allsrc src all
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 6099 3128 3127 1025-65535 
acl sslports port 443 563 6099 

# From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
#acl manager proto cache_object

acl purge method PURGE
acl connect method CONNECT

# Define protocols used for redirects
acl HTTP proto HTTP
acl HTTPS proto HTTPS
acl allowed_subnets src 192.168.100.0/24 192.168.35.0/24 192.168.160.0/24 192.168.7.0/24 192.168.51.0/24 192.168.50.0/24 192.168.53.0/24 192.168.10.0/24 192.168.5.0/24 192.168.11.0/24 192.168.9.0/24
acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
# From 3.2 further configuration cleanups have been done to make things easier and safer.
# The manager, localhost, and to_localhost ACL definitions are now built-in.
# http_access allow localhost

quick_abort_min 0 KB
quick_abort_max 0 KB
request_body_max_size 128 KB
reply_body_max_size 40000 KB allsrc 
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow allsrc

# Reverse Proxy settings

# Package Integration
url_rewrite_program /usr/pbi/squidguard-i386/bin/squidGuard -c /usr/pbi/squidguard-i386/etc/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_children 16 startup=8 idle=4 concurrency=0

# Custom options before auth

# Always allow access to whitelist domains
http_access allow whitelist
# Block access to blacklist domains
http_access deny blacklist
acl sglog url_regex -i sgr=ACCESSDENIED
http_access deny sglog
# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow allowed_subnets
http_access allow localnet
# Default block all to be sure
http_access deny allsrc
                  1 Reply Last reply Reply Quote 0
                  • P
                    pereira285
                    last edited by

                    Agradeço a ajuda dos srs jvicente e andr3.ribeiro.

                    Identificamos o problema e estava no servidor e e-mail onde estava com dos endereços IP.

                    Agradeço o esforço dos srs.

                    André Pereira

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.