[squid-users] cache peer problem with two squid one Tproxy --->normal Proxy

Amos Jeffries squid3 at treenet.co.nz
Thu Nov 13 02:55:22 UTC 2014



On 13/11/2014 7:39 p.m., Ahmed Allzaeem wrote:
> Hi amos
> 
> I have changed both hostnames on the two servers:
> 
> [root@tproxy ~]# hostname tproxy.com
> 
> 
> [root@parent ~]# hostname parent.com
> 
> 

Good.

> but, as I told you last time, I can see traffic "miss" on the normal
> proxy, and "miss" on the tproxy server.
> 
> But it says access denied from the normal proxy
> 
> I mean on the normal proxy "parent" there is only miss and no
> Denied hits, but it gives me error access denied.

Just to double check. The access.log records a TCP_MISS/403 ?

 That is an "Access denied" error coming from the origin server.


PS. DENIED is rejection. HIT is acceptance. A single proxy cannot
accept and reject at the same time.

> 
> Also I made sure that the ip of tproxy is allowed by acl on the
> normal proxy "parent"
> 

Good.

> 
> Again, here is the cache log @ the parent proxy, still says a
> loop occurring:
> 
> 2014/11/12 23:33:24 kid1| WARNING: Forwarding loop detected for: 
> GET / HTTP/1.1

URL "/" is *not* a forward-proxy syntax URL. It is an origin server
syntax URL.

This URL syntax should only ever be seen at the first (tproxy)
configured proxy. Never at the parent. For the parent to receive this
message syntax is an "Invalid Request" error.

This is therefore very, very strange.


> Host: abc.com
> User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-US,en;q=0.5
> Accept-Encoding: gzip, deflate
> Via: 1.1 squid (squid/3.4.3)

Notice how this is neither "tproxy.com" nor "parent.com" which your
hostname is set to.

Let's try the shortcut for now and set visible_hostname in both proxies
to the relevant tproxy.com / parent.com


> X-Forwarded-For: 176.58.79.248
> Cache-Control: max-age=259200
> Connection: keep-alive
> 

The *only* ways a normal forward-proxy parent could be recording
forwarding loops is:

1) Via header already contains its hostname.

2) the URL domain:port resolves in DNS to the proxy listening IP:port.

3) the parent proxy is configured to use itself as a cache_peer.

Amos
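The three loop causes listed in the reply above, as an offline triage check. This is an added example, not part of the original message and not Squid's own code; it is a simplified model of the checks. The request headers are taken from the quoted cache.log, while the IP addresses, ports, DNS table and function names are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

def parse_request(raw):
    """Split a raw HTTP request into (target, {lowercased header: [values]})."""
    lines = raw.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0].split()[1], headers

def via_hosts(headers):
    """Received-by names of all Via hops: '1.1 squid (squid/3.4.3)' -> 'squid'."""
    hosts = []
    for value in headers.get("via", []):
        for hop in re.sub(r"\([^)]*\)", "", value).split(","):
            parts = hop.split()
            if len(parts) >= 2:
                hosts.append(parts[1].lower())
    return hosts

def loop_causes(raw, hostname, listen, peers, resolve):
    """Return which of the three causes apply to one proxy.

    hostname: name it announces in Via; listen: set of (ip, port) it listens on;
    peers: (host, port) pairs from its cache_peer lines;
    resolve: host -> set of IPs, injected so the check runs offline.
    """
    target, headers = parse_request(raw)
    causes = []
    if hostname.lower() in via_hosts(headers):                       # cause 1
        causes.append("via")
    # An origin-form target ("/") carries no host, so fall back to the Host header.
    url = urlsplit(target if "://" in target else "//" + headers.get("host", [""])[0])
    if url.hostname and any((ip, url.port or 80) in listen for ip in resolve(url.hostname)):
        causes.append("dns")                                         # cause 2
    if any((ip, port) in listen for host, port in peers for ip in resolve(host)):
        causes.append("self-peer")                                   # cause 3
    return causes

# Constructed input: headers from the log quoted above; IPs and ports are placeholders.
LOGGED = ("GET / HTTP/1.1\r\nHost: abc.com\r\nVia: 1.1 squid (squid/3.4.3)\r\n"
          "X-Forwarded-For: 176.58.79.248\r\n\r\n")
DNS = {"abc.com": {"203.0.113.10"}, "parent.com": {"192.0.2.2"}}
PARENT_LISTEN = {("192.0.2.2", 3128)}

def check_parent(hostname, peers=()):
    return loop_causes(LOGGED, hostname, PARENT_LISTEN, peers, lambda h: DNS.get(h, set()))
```

With the logged request, `check_parent("squid")` reports the Via cause because both hops would announce the same name, while `check_parent("parent.com")` reports nothing.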

