[squid-users] Re: TCP_DENIED_REPLY/403

From: Andrei <funactivities_at_gmail.com>
Date: Fri, 29 Jul 2011 12:32:02 -0700

Ok. I got it fixed after reading the FAQ and changing the values to:
request_header_max_size 15824 KB
request_body_max_size 15824 KB
reply_header_max_size 15824 KB
reply_body_max_size 15824 KB

Is there any way to set these max_sizes to unlimited?

On Fri, Jul 29, 2011 at 12:06 PM, Andrei <funactivities_at_gmail.com> wrote:
> I'm getting this error message:
> http://yahoo.com/
> The requested URL could not be retrieved
> The request or reply is too large.
> If you are making a POST or PUT request, then the item you are trying
> to upload is too large.
> If you are making a GET request, then the item you are trying to
> download is too large.
>
> Squid access logs show:
> 1311965841.744      0 176.16.0.161 TCP_DENIED_REPLY/403 3643 NONE
> error:request-too-large - NONE/- text/html
>
> I assume that reply_header_max_size are and  request_header_max_size
> are set by default to unlimited in v3m but adding manually
> reply_header_max_size 40 M and request_header_max_size 40 M still
> gives me the same error message.
>
> I'm running:
> Squid Cache: Version 3.1.6
> Debian stable 6.0.2.1
> DualXeon 3GhZ, 250GB SCSI, 4GB RAM
>
> Config file:
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl localnet src 172.16.0.0/21  # RFC1918 possible internal network
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> request_header_max_size 0
> request_body_max_size 0
> reply_header_max_size 0
> reply_body_max_size 0
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow localnet
> http_access allow all
> icp_access allow all
> htcp_access allow all
> http_port 3128 transparent
> hierarchy_stoplist cgi-bin ?
> cache_mem 1024 MB
> cache_dir ufs /var/spool/squid3 40960 16 256
> coredump_dir /var/spool/squid3
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       40%     40320
> icp_port 0
> refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
> refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
> refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200
> override-expire ignore-no-cache ignore-no-store ignore-private
> refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200
> 90% 432000 override-expire ignore-no-cache ignore-no-store
> ignore-private
> refresh_pattern -i
> \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200
> override-expire ignore-no-cache ignore-no-store ignore-private
>
Received on Fri Jul 29 2011 - 19:32:09 MDT

This archive was generated by hypermail 2.2.0 : Sat Jul 30 2011 - 12:00:02 MDT