Hi,

I have installed Squid 3.5.24 and have enabled the options '--enable-ssl',
'--enable-ssl-crtd' and '--with-openssl'. I'm using Debian 8.7. I want to
use this Squid to filter HTTP & HTTPS traffic. I have no problem filtering
HTTP/HTTPS when using it with <10 users. If I connect it to 200+ users, I
will get lots of ERR_CONNECT_FAIL, TAG_NONE/503 & TCP_MISS/503 in less than
10 minutes. Need some advice. Thank you.


My squid.conf
——————

max_filedesc 65535
dns_v4_first on
request_timeout 5 minutes 


acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
#acl SSL_ports port 443
acl SSL_ports port 443 563 1863 5190 5222 5050 6667
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports 


http_access allow localhost manager
http_access allow localnet manager
http_access deny manager

#http_access deny to_localhost

http_access allow localnet
http_access allow localhost

http_access deny all

http_port 0.0.0.0:3128 intercept
http_port 0.0.0.0:3130
https_port 0.0.0.0:3129 intercept ssl-bump connection-auth=off cert=/etc/squid/squidCA.pem


cache_mem 512 MB
always_direct allow all
#sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
acl blocked ssl::server_name  "/etc/squid/tah.txt" 
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump terminate blocked 
ssl_bump splice all
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB


cache_dir ufs /var/spool/squid 15360 16 256
cache_swap_low 87
cache_swap_high 90

coredump_dir /var/spool/squid


refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

——————————
My cachemgr:info
- - - - - -  - - - - - - - -  
Squid Object Cache: Version 3.5.24
Build Info: 
Service Name: squid
Start Time:     Thu, 27 Apr 2017 09:25:20 GMT
Current Time:   Thu, 27 Apr 2017 09:43:30 GMT
Connection information for squid:
        Number of clients accessing cache:      228
        Number of HTTP requests received:       15757
        Number of ICP messages received:        0
        Number of ICP messages sent:    0
        Number of queued ICP replies:   0
        Number of HTCP messages received:       0
        Number of HTCP messages sent:   0
        Request failure ratio:   0.00
        Average HTTP requests per minute since start:   866.7
        Average ICP messages per minute since start:    0.0
        Select loop called: 292181 times, 3.733 ms avg
Cache information for squid:
        Hits as % of all requests:      5min: 0.1%, 60min: 0.1%
        Hits as % of bytes sent:        5min: 100.0%, 60min: 99.8%
        Memory hits as % of hit requests:       5min: 52.9%, 60min: 55.6%
        Disk hits as % of hit requests: 5min: 47.1%, 60min: 44.4%
        Storage Swap size:      13683904 KB
        Storage Swap capacity:  87.0% used, 13.0% free
        Storage Mem size:       2104 KB
        Storage Mem capacity:    1.6% used, 98.4% free
        Mean Object Size:       15.44 KB
        Requests given to unlinkd:      0
Median Service Times (seconds)  5 min    60 min:
        HTTP Requests (All):  57.44813 57.44813
        Cache Misses:         28.47649 10.20961
        Cache Hits:            0.00000  0.00102
        Near Hits:             0.00000  0.00000
        Not-Modified Replies:  0.00000  0.00000
        DNS Lookups:           0.00860  0.00860
        ICP Queries:           0.00000  0.00000
Resource usage for squid:
        UP Time:        1090.832 seconds
        CPU Time:       128.728 seconds
        CPU Usage:      11.80%
        CPU Usage, 5 minute avg:        26.31%
        CPU Usage, 60 minute avg:       11.76%
        Maximum Resident Size: 3929760 KB
        Page faults with physical i/o: 85
Memory accounted for:
        Total accounted:       183695 KB
        memPoolAlloc calls:   3003099
        memPoolFree calls:    3027675
File descriptor usage for squid:
        Maximum number of file descriptors:   65535
        Largest file desc currently in use:   2691
        Number of file desc currently in use: 2405
        Files queued for open:                   0
        Available number of file descriptors: 63130
        Reserved number of file descriptors:   100
        Store Disk files open:                   0
Internal Data Structures:
        887622 StoreEntries
          1623 StoreEntries with MemObjects
            55 Hot Object Cache Items
        886002 on-disk objects



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-error-ERR-CONNECT-FAIL-TAG-NONE-503-TCP-MISS-503-tp4682334.html
Sent from the Squid - Users mailing list archive at Nabble.com.
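
An added example, not part of the original post: a Python check over a constructed excerpt of the configuration above that flags three security-relevant settings visible in it (origin certificate verification turned off by `sslproxy_flags DONT_VERIFY_PEER`, the commented-out `http_access deny CONNECT !SSL_ports` rule, and cache manager access allowed from `localnet`) and compares it with a corrected excerpt. The function names and finding labels are hypothetical, the parsing is simplified, and the check makes no claim about the cause of the 503 errors.

```python
# Added example: audits squid.conf text for three settings seen in the post.
# SAMPLE_CONF is a constructed excerpt of the posted config, not the full file.
SAMPLE_CONF = """\
acl SSL_ports port 443 563 1863 5190 5222 5050 6667
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access allow localnet manager
http_access deny manager
http_access allow localnet
http_access deny all
sslproxy_flags DONT_VERIFY_PEER
"""

def active_directives(conf_text):
    """Return (name, args) per active line; '#' comments are dropped (simplified)."""
    out = []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts:
            out.append((parts[0], parts[1:]))
    return out

def audit(conf_text):
    """Return finding labels (hypothetical names) for the weak settings present."""
    rules = active_directives(conf_text)
    access = [args for name, args in rules if name == "http_access"]
    findings = []
    # 1. Certificate verification disabled for TLS connections Squid makes itself.
    flags = [f for name, args in rules if name == "sslproxy_flags"
             for a in args for f in a.split(",")]
    if "DONT_VERIFY_PEER" in flags:
        findings.append("tls-verify-off")
    # 2. CONNECT must be limited to SSL_ports before the first general allow rule.
    first_allow = next((i for i, a in enumerate(access)
                        if a[:1] == ["allow"] and "manager" not in a), len(access))
    if ["deny", "CONNECT", "!SSL_ports"] not in access[:first_allow]:
        findings.append("connect-unrestricted")
    # 3. Cache manager reachable from anything other than localhost.
    for a in access:
        if a[:1] == ["allow"] and "manager" in a and "localhost" not in a:
            findings.append("manager-allowed:" + ",".join(x for x in a[1:] if x != "manager"))
    return findings

# The same excerpt with the three settings corrected, for comparison.
HARDENED_CONF = (SAMPLE_CONF
                 .replace("#http_access deny CONNECT", "http_access deny CONNECT")
                 .replace("http_access allow localnet manager\n", "")
                 .replace("sslproxy_flags DONT_VERIFY_PEER\n", ""))

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
    print(audit(HARDENED_CONF))
```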