On Wed, 13 Oct 2004, Matus UHLAR - fantomas wrote:
I'd try to find out which clients caused the problem and disable them
proxy access. afaik, this problem comes from badly configured
("overfirewalled") clients, and fixing them would be imho better than
turning half_closed_clients off
Unfortunately not the case. This has nothing or very little to do with firewalling.
When half_closed_clients is in it's default "on" Squid can not detect if a client aborted the connection or simply half-closed it until there is a response to send to the client. This makes a major difference when a frequently requested web site is unreachable as you will then get very many requests waiting for the web server to respond, and Squid can not detect that the clients have aborted their requests forcing Squid to keep all those connections until timeout (normally 2 minutes per request).
What is true is that with "half_closed_clients on" and over firewalled clients Squid will have a even harder time as it then may not even be able to detect the aborted connection in a timely fashion even when finally sending the response to the client. This occurs if the client firewall has expired the connection and the firewall is set to drop (not reset) unknown traffic. But in most cases the response is quite small allowing Squid to detatch from the connection making this only a worry for the TCP/IP stack of ths server where Squid runs.
Regards Henrik
