Problem: Squid Proxy Service Intermittently Unavailable Due to Parent Proxy Digest Errors

Knowledge Base Community
, , , ,
1

Problem

A customer is experiencing intermittent issues with the squid.proxy service. The service sporadically refuses to handle requests, which results in the downstream parent (main) proxy becoming unreachable. As a consequence, no internet connection can be established during these periods.

The following log message can be observed:

temporary disabling (Forbidden) digest from <parent-proxy>

Root Cause

The log message temporary disabling (Forbidden) digest from <parent-proxy> is the key indicator of the problem.

The local Squid proxy attempts to retrieve a cache digest from the parent proxy. Cache digests are used by Squid to determine which objects are already cached on the parent proxy.

However, the parent proxy responds with HTTP 403 Forbidden, denying access to the cache digest.

Squid interprets this response as a peer error and therefore temporarily disables communication with the parent proxy, which leads to the observed connectivity issues.

Solution

The parent proxy configuration must be reviewed and adjusted to prevent Squid from requesting cache digests.

Step 1: Verify Parent Proxy Configuration

Check the current Squid parent proxy settings using:

ucr search --brief squid/parent

Ensure that:

  • squid/parent/host contains the correct hostname of the parent proxy

Step 2: Disable Cache Digest Requests

The cache digest request can be disabled by setting the no-digest option for the parent proxy.

This is done via the following UCR setting:

ucr set squid/parent/options='no-digest default'

Step 3: Restart the Squid Service

Apply the changes by restarting Squid:

systemctl restart squid.service

Expected Result

  • Squid no longer attempts to fetch cache digests from the parent proxy
  • No more digest errors in the logs
  • Stable communication with the parent proxy
  • Reliable internet connectivity restored across all affected servers

Additional Notes

Disabling cache digests does not negatively impact basic proxy functionality. It only affects Squid’s ability to optimize cache usage across proxies, which is acceptable in this scenario to ensure stability.

3

This topic was automatically closed after 24 hours. New replies are no longer allowed.