Squid Logs - TAG_NONE/503 errors

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Squid Logs - TAG_NONE/503 errors

Arjun K
Hi Team

Can you please let us know what this error means - TAG_NONE/503 in the access logs.
Some times, I get the above error for all the URLs and no one is able to reach the internet and now I am facing the issue only for specific URLs.

The concern is that the issue gets automatically solved without making any changes to any configuration and it comes back again and again and it gets resolved.


The below is the configuration in the proxy server.

###IP Ranges

acl localnet src "/etc/squid/linux_server.txt"
acl localnet src "/etc/squid/server_allowed.txt"


### URL - Allow / Deny

acl allowedurl dstdomain "/etc/squid/allowed_url.txt"
acl denylist dstdomain "/etc/squid/denylist.txt"

acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT

http_access deny denylist
http_access deny !Safe_ports
http_access allow allowedurl

http_access allow localhost manager
http_access deny manager

http_access allow localnet
http_access allow localhost
http_access deny all

http_port 8080

cache_dir ufs /var/spool/squid 10000 16 256
coredump_dir /var/spool/squid

refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320


Could you please let me know what causes these issues and how to give a permanent fix.


Regards
Arjun K.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid Logs - TAG_NONE/503 errors

Alex Rousskov
On 3/10/21 8:15 AM, Arjun K wrote:
> Can you please let us know what this error means - TAG_NONE/503 in the
> access logs.

Most likely, Squid generated an error response and sent that to the
client. The response was probably generated before Squid made the cache
hit/miss decision.

In modern Squids, adding %err_code/%err_detail to your custom logformat
definition may help detail the error further in some cases. In all
Squids, looking at the Squid error response itself may help detail the
error further.


HTH,

Alex.


> Some times, I get the above error for all the URLs and no one is able to
> reach the internet and now I am facing the issue only for specific URLs.
>
> The concern is that the issue gets automatically solved without making
> any changes to any configuration and it comes back again and again and
> it gets resolved.
>
>
> The below is the configuration in the proxy server.
>
> ###IP Ranges
>
> acl localnet src "/etc/squid/linux_server.txt"
> acl localnet src "/etc/squid/server_allowed.txt"
>
>
> ### URL - Allow / Deny
>
> acl allowedurl dstdomain "/etc/squid/allowed_url.txt"
> acl denylist dstdomain "/etc/squid/denylist.txt"
>
> acl Safe_ports port 80 # http
> acl Safe_ports port 443 # https
> acl CONNECT method CONNECT
>
> http_access deny denylist
> http_access deny !Safe_ports
> http_access allow allowedurl
>
> http_access allow localhost manager
> http_access deny manager
>
> http_access allow localnet
> http_access allow localhost
> http_access deny all
>
> http_port 8080
>
> cache_dir ufs /var/spool/squid 10000 16 256
> coredump_dir /var/spool/squid
>
> refresh_pattern -i
> windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320
> 80% 43200 reload-into-ims
> refresh_pattern -i
> microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 43200 reload-into-ims
> refresh_pattern -i
> windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 43200 reload-into-ims
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       20%     4320
>
>
> Could you please let me know what causes these issues and how to give a
> permanent fix.
>
>
> Regards
> Arjun K.
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid Logs - TAG_NONE/503 errors

Arjun K
Hi Alex/Team

The end user are receiving an error in the browser stating : "The site can't be reached"and " <URL> took long time to respond ".
So can you assist me to include the custom log format which will provide further details.

[Thu Mar 11 11:02:15 2021].001 119629 10.197.10.140 TAG_NONE/503 0 CONNECT <URL>.amazoncognito.com:443 - HIER_NONE/- -



Regards
Arjun K.

On Wednesday, 10 March, 2021, 07:50:00 pm IST, Alex Rousskov <[hidden email]> wrote:


On 3/10/21 8:15 AM, Arjun K wrote:
> Can you please let us know what this error means - TAG_NONE/503 in the
> access logs.

Most likely, Squid generated an error response and sent that to the
client. The response was probably generated before Squid made the cache
hit/miss decision.

In modern Squids, adding %err_code/%err_detail to your custom logformat
definition may help detail the error further in some cases. In all
Squids, looking at the Squid error response itself may help detail the
error further.


HTH,

Alex.



> Some times, I get the above error for all the URLs and no one is able to
> reach the internet and now I am facing the issue only for specific URLs.
>
> The concern is that the issue gets automatically solved without making
> any changes to any configuration and it comes back again and again and
> it gets resolved.
>
>
> The below is the configuration in the proxy server.
>
> ###IP Ranges
>
> acl localnet src "/etc/squid/linux_server.txt"
> acl localnet src "/etc/squid/server_allowed.txt"
>
>
> ### URL - Allow / Deny
>
> acl allowedurl dstdomain "/etc/squid/allowed_url.txt"
> acl denylist dstdomain "/etc/squid/denylist.txt"
>
> acl Safe_ports port 80 # http
> acl Safe_ports port 443 # https
> acl CONNECT method CONNECT
>
> http_access deny denylist
> http_access deny !Safe_ports
> http_access allow allowedurl
>
> http_access allow localhost manager
> http_access deny manager
>
> http_access allow localnet
> http_access allow localhost
> http_access deny all
>
> http_port 8080
>
> cache_dir ufs /var/spool/squid 10000 16 256
> coredump_dir /var/spool/squid
>
> refresh_pattern -i
> windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320
> 80% 43200 reload-into-ims
> refresh_pattern -i
> microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 43200 reload-into-ims
> refresh_pattern -i
> windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 43200 reload-into-ims
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       20%     4320
>
>
> Could you please let me know what causes these issues and how to give a
> permanent fix.
>
>
> Regards
> Arjun K.

>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid Logs - TAG_NONE/503 errors

Amos Jeffries
Administrator
On 11/03/21 11:33 pm, Arjun K wrote:

> Hi Alex/Team
>
> The end user are receiving an error in the browser stating : "The site
> can't be reached"and " <URL> took long time to respond ".
> So can you assist me to include the custom log format which will provide
> further details.
>
> [Thu Mar 11 11:02:15 2021].001 119629 10.197.10.140 TAG_NONE/503 0
> CONNECT <URL>.amazoncognito.com:443 - HIER_NONE/- -
>

First issue, "why does the error page get produced?"

1) that log entry says that Squid waited 119.6 seconds for the server
TCP connection to be setup. Before giving up and sending the client a
503 message.


Second issue, "why is the server connection so slow?"

A) There should not be a *URL* in the *domain name* part of CONNECT
requests. If that really is a URL instead of a hostname, that is very
likely your problem.

B) what happens in the network outside of Squid can have many different
effects on speed of TCP connection setup. Or packet loss can prevent
connections being setup at all.

C) problems with DNS server(s) can add to the delays during server
connection opening. That ranges from problems connecting to the DNS
server(s), outdated records being returned by them, and again packet
loss and general network conditions affecting DNS delivery time.



FWIW, your config has some issues. But nothing that would cause or
related to the problem you are having.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid Logs - TAG_NONE/503 errors

Alex Rousskov
In reply to this post by Arjun K
On 3/11/21 5:33 AM, Arjun K wrote:

> So can you assist me to include the custom log format which will provide
> further details.

If you still want to add these details after reading Amos response, then
please see logformat and access_log directives in squid.conf.documented:

* logformat description has examples of defining formats. You just need
to add the %codes I mentioned. Disclaimer: I do not know whether your
Squid supports those %codes and whether your Squid will populate those
%codes with useful information in your specific use case.

* access_log description has an example of specifying the format when
configuring access.log. You just need to use your custom format name
instead of "squid".


HTH,

Alex.


> In modern Squids, adding %err_code/%err_detail to your custom logformat
> definition may help detail the error further in some cases. In all
> Squids, looking at the Squid error response itself may help detail the
> error further.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users