[squid-users] Re: TCP_DENIED_REPLY/403

From: Andrei <funactivities_at_gmail.com>
Date: Fri, 29 Jul 2011 12:32:02 -0700

Ok. I got it fixed after reading the FAQ and changing the values to:
request_header_max_size 15824 KB
request_body_max_size 15824 KB
reply_header_max_size 15824 KB
reply_body_max_size 15824 KB

Is there any way to set these max_sizes to unlimited?

On Fri, Jul 29, 2011 at 12:06 PM, Andrei <funactivities_at_gmail.com> wrote:
> I'm getting this error message:
> http://yahoo.com/
> The requested URL could not be retrieved
> The request or reply is too large.
> If you are making a POST or PUT request, then the item you are trying
> to upload is too large.
> If you are making a GET request, then the item you are trying to
> download is too large.
>
> Squid access logs show:
> 1311965841.744 � � �0 176.16.0.161 TCP_DENIED_REPLY/403 3643 NONE
> error:request-too-large - NONE/- text/html
>
> I assume that reply_header_max_size are and �request_header_max_size
> are set by default to unlimited in v3m but adding manually
> reply_header_max_size 40 M and request_header_max_size 40 M still
> gives me the same error message.
>
> I'm running:
> Squid Cache: Version 3.1.6
> Debian stable 6.0.2.1
> DualXeon 3GhZ, 250GB SCSI, 4GB RAM
>
> Config file:
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl localnet src 172.16.0.0/21 �# RFC1918 possible internal network
> acl SSL_ports port 443
> acl Safe_ports port 80 � � � � �# http
> acl Safe_ports port 21 � � � � �# ftp
> acl Safe_ports port 443 � � � � # https
> acl Safe_ports port 70 � � � � �# gopher
> acl Safe_ports port 210 � � � � # wais
> acl Safe_ports port 1025-65535 �# unregistered ports
> acl Safe_ports port 280 � � � � # http-mgmt
> acl Safe_ports port 488 � � � � # gss-http
> acl Safe_ports port 591 � � � � # filemaker
> acl Safe_ports port 777 � � � � # multiling http
> acl CONNECT method CONNECT
> request_header_max_size 0
> request_body_max_size 0
> reply_header_max_size 0
> reply_body_max_size 0
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow localnet
> http_access allow all
> icp_access allow all
> htcp_access allow all
> http_port 3128 transparent
> hierarchy_stoplist cgi-bin ?
> cache_mem 1024 MB
> cache_dir ufs /var/spool/squid3 40960 16 256
> coredump_dir /var/spool/squid3
> refresh_pattern ^ftp: � � � � � 1440 � �20% � � 10080
> refresh_pattern ^gopher: � � � �1440 � �0% � � �1440
> refresh_pattern -i (/cgi-bin/|\?) 0 � � 0% � � �0
> refresh_pattern . � � � � � � � 0 � � � 40% � � 40320
> icp_port 0
> refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
> refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
> refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200
> override-expire ignore-no-cache ignore-no-store ignore-private
> refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200
> 90% 432000 override-expire ignore-no-cache ignore-no-store
> ignore-private
> refresh_pattern -i
> \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200
> override-expire ignore-no-cache ignore-no-store ignore-private
>
Received on Fri Jul 29 2011 - 19:32:09 MDT

This archive was generated by hypermail 2.2.0 : Sat Jul 30 2011 - 12:00:02 MDT