Re: [squid-users] TCP_MISS_ABORTED after upgrade to 3.2 from 3.1

From: dweimer <dweimer_at_dweimer.net>
Date: Wed, 23 Jan 2013 20:28:39 -0600

On 2013-01-23 17:05, dweimer wrote:
> On 2013-01-23 13:59, dweimer wrote:
>> On 2013-01-23 13:48, dweimer wrote:
>>> We are having an issue with a web based employment application form
>>> after upgrading our reverse proxy from 3.1.20 to 3.2.6. The proxy
>>> logs the following:
>>>
>>> 1358969527.735 300778 75.91.238.15 TCP_MISS/400 459 POST https://...
>>>
>>> Some do go through but very slowly, any ideas what would cause
>>> this?
>>>
>>> The form is a simple form on a Plone server with Apache 2.2.23 in
>>> between handling the HTTPS on the back end server.
>>
>> Oops, copied one of the few that works, instead of one of the many
>> that failed, the log that shows up when failed is at
>> TCP_MISS_ABORTED.
>>
>> 1358969226.938 63434 75.91.238.15 TCP_MISS_ABORTED/000 0 POST https://...
>
> Another update, I have confirmed that uploads to our PHP based File
> Management Application (http://ajaxplorer.info) are also triggering
> the same problem. This is running on Apache 2.2.23 on the same server
> as the Squid application. I don't have any non-HTTPS forms behind
> this reverse proxy to verify if the problem is only on the HTTPS side
> or not. We have verified that both applications work correctly when
> connecting directly to them and not going through the reverse proxy.
> I have also verified that it works fine using Squid 3.2.6 as a forward
> proxy on the client side when accessing the applications directly. So
> it's something specific to the reverse proxy setup.
>
> There's just one https_port line:
>
> https_port 10.50.20.10:443 accel cert=/usr/local/etc/squid/certs/myserver.crt key=/usr/local/etc/squid/certs/myserver.key options=NO_SSLv2:NO_TLSv1:CIPHER_SERVER_PREFERENCE cipher=RC4:!MD5:!aNULL:!EDH defaultsite=www.mydefaultdomain.com
>
> I do have multiple SSL sites using a UCC certificate, the cache peer
> lines look like the following, just different IPs, cache_peer_domains,
> and cache_peer_access lists:
>
> cache_peer 127.0.0.1 parent 443 0 ssl no-query no-digest no-netdb-exchange originserver name=local_ssl_parent sslcapath=/usr/local/share/certs sslflags=DONT_VERIFY_PEER
> cache_peer_domain local_ssl_parent www.mydefaultsite.com
> cache_peer_access local_ssl_parent allow defaultsite SSL
>
> Is there any type of maximum post size setting that could be causing
> this? I didn't see anything looking through the configuration options.
> All downloads appear to be fine, some forms to submit data work just
> fine, but those are very small forms. So I am wondering if there is
> some sort of post size limit I am hitting that didn't exist in the 3.1
> branch.

After more testing, creating a simple file upload form with PHP, I
have traced it down to only HTTPS (it works fine with HTTP), and only if
the post is over a certain size. I haven't confirmed which size it breaks
at; I know 3.04k fails and 2.2k works.

-- 
Thanks,
    Dean E. Weimer
    http://www.dweimer.net/
Received on Thu Jan 24 2013 - 02:28:47 MST