Re: [squid-users] The server closed the connection without sending any data.

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 30 Jul 2011 12:02:25 +1200

On 30/07/11 09:49, Ragheb Rustom wrote:
> Hi Andrei,
>
> I think http_port should says the following as it is written in
> documentation that "transparent" use is being deprecated.
>
> So for transparent proxying this line should be as follows:
>
> http_port 3128 intercept
>
> As well you need to do some iptables configuration as just programming squid
> as being transparent by itself does not throw http traffic from clients
> transparently to squid.
>
> Please send your iptables configuration if possible to have a look.
>
> Sincerely,
>
> Ragheb Rustom
> Smart Telecom S.A.R.L
>
> -----Original Message-----
> From: Andrei [mailto:funactivities_at_gmail.com]
> Sent: Friday, July 29, 2011 11:22 PM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] The server closed the connection without sending any
> data.
>
> If proxy info is entered manually in the browser, caching works OK. If
> LAN clients are sent transparently to the proxy, an error message in
> Google Chrome:
> Error 324 The server closed the connection without sending any data.
> Mozilla Firefox displays a blank page.
> Strangely enough I don't see anything in the squid access.log when LAN
> clients are forced by the router to transparent cache...
>
> I'm running:
> Squid Cache: Version 3.1.6
> Debian stable 6.0.2.1
> DualXeon 3GhZ, 250GB SCSI, 4GB RAM
>
> Config file:
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl localnet src 172.16.0.0/21 # RFC1918 possible internal network
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> request_header_max_size 15824 KB
> request_body_max_size 15824 KB
> reply_header_max_size 15824 KB
> reply_body_max_size 15824 KB
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow localnet
> http_access allow all
> icp_access allow all

drop icp_access - feature is disabled.

> htcp_access allow all

drop htcp_access - feature is disabled.

> http_port 3128 transparent
> hierarchy_stoplist cgi-bin ?

drop this hierarchy_stoplist

> cache_mem 1024 MB
> cache_dir ufs /var/spool/squid3 40960 16 256
> coredump_dir /var/spool/squid3
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 40% 40320
> icp_port 0

remove icp_port - that is default.

> refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
> refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
> refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200
> override-expire ignore-no-cache ignore-no-store ignore-private
> refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200
> 90% 432000 override-expire ignore-no-cache ignore-no-store
> ignore-private
> refresh_pattern -i
> \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200
> override-expire ignore-no-cache ignore-no-store ignore-private

Remove all these unusable refresh_pattens to simplify the config.

Or move them about the default "." pattern so they start to actually work.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.10
Received on Sat Jul 30 2011 - 00:02:30 MDT

This archive was generated by hypermail 2.2.0 : Sat Jul 30 2011 - 12:00:02 MDT