Re: [squid-users] Squid gives 503 Service Unavailable for a known working service

From: Jakob Curdes <jc_at_info-systems.de>
Date: Tue, 24 Aug 2010 16:29:07 +0200

I suppose that the origin server reacts strangely on the information
passed by squid. remember that the fact that a proxy is in the path is
normally detectable for the origin server via the request headers.
Perhaps you can try to play with header_access, but be carefull you may
easily "repair" access to this site while breaking others....

JC

Am 24.08.2010 14:44, schrieb J5K:
> Dear all,
>
> I have encountered a problem with our Squid server, where it does
> not seem to proxy a certain connection. The problem appeared on the
> 19th August. The last configuration change on the squid server was on
> the 16th. I rolled back the change, but it did not solve the problem,
> although, the change was unrelated. A diff between the current and
> previous squid.conf files did not show anything relevant.
>
> The server named t2nl-app301 has this entry in the squid.conf
> acl t2nl-app301 src 10.205.8.193/255.255.255.255
> http_access allow t2nl-app301
>
> All HTTP requests sent via the squid service successfully proxied except
> one.
> t2nl-app301 -> Squid service -> Chaos : squid always passes back a
> 503 Service unavailable.
>
> Summary of tests:
> A direct connection (no proxy used) from t2nl-app301 -> Chaos : result
> 401.
> A direct connection (no proxy used) from Squid server -> Chaos :
> result 401.
> A connection using the proxy, from Squid server -> Chaos: result 503.
> A connection using the proxy, from t2nl-app301 -> Chaos : result 503.
>
> A tcpdump of the proxied connection between:
> t2nl-app301 -> Squid service -> Chaos connection
> shows the conection from t2nl-ap301 to Squid server, but no packets are
> sent from Squid server to Chaos.
> There is an entry in the access.log that reads:
> 10.205.8.193 - - [24/Aug/2010:14:38:03 +0200] "GET
> http://chaos:5780/invoke/VTEMS.Flows/receive HTTP/1.0" 503 1596
> TCP_MISS:NONE
>
> I am at a loss of how to diagnose this problem. Has anyone got any
> ideas of where I should look? I do not see how this could be a firewall
> problem because one can telnet onto the port from the Squid server and
> get a responce.
>
> Regards, JK.
>
>
Received on Tue Aug 24 2010 - 14:29:17 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 24 2010 - 12:00:03 MDT