[squid-users] Squid intermittently not sending host header to peer

Michael Thomas michael.thomas.sw20 at gmail.com
Mon Sep 3 09:32:44 UTC 2018 

I'm trying to figure out this weird intermittent issue.

I have two squid servers running, non-caching, non-transparent.

Client -> Squid1 -> Squid2 -> Internet

All HTTPS requests work as expected, but randomly, about 50% of the time,
HTTP requests fail.

The reason for the failure is that the first squid server (Squid1) is not
correctly forwarding the request to the second. It is stripping away the
hostname, and obviously the second squid server has no clue what to do with
it then!

Refreshing either create or resolves the issue, again, seemingly at random.

The following is a copy of the access logs for two successful requests,
followed by a failure:

Squid1:
1535965629.452     81 3.3.3.3 TCP_MISS/200 5766 GET
http://redacted.com/messages/391/ - FIRSTUP_PARENT/2.2.2.2 text/html
1535965634.678     71 3.3.3.3 TCP_MISS/200 5759 GET
http://redacted.com/messages/391/ - FIRSTUP_PARENT/2.2.2.2 text/html
1535965636.673      1 3.3.3.3 TCP_MISS/400 4009 GET
http://redacted.com/messages/391/ - FIRSTUP_PARENT/2.2.2.2 text/html

Squid2:
1535965629.447     79 1.1.1.1 TCP_MISS/200 5673 GET
http://redacted.com/messages/391/ connect HIER_DIRECT/4.4.4.4 text/html
1535965634.673     68 1.1.1.1 TCP_MISS/200 5671 GET
http://redacted.com/messages/391/ connect HIER_DIRECT/4.4.4.4 text/html
1535965636.668      0 1.1.1.1 TAG_NONE/400 3916 GET /messages/391/ -
HIER_NONE/- text/html

squid.conf from Squid1:
http_port 3128 name=port_3128
http_access allow all
nonhierarchical_direct off

acl port_3128_acl myportname port_3128

always_direct deny port_3128_acl

never_direct allow port_3128_acl

# 3128
cache_peer 2.2.2.2 parent 3128 0 no-query proxy-only default  name=proxy3128
cache_peer_access proxy3128 allow port_3128_acl
cache_peer_access proxy3128 deny all

squid.conf from Squid2:
http_access allow all
http_port 3128

Where:
1.1.1.1: Squid1
2.2.2.2: Squid2
3.3.3.3: client
4.4.4.4: Web Server

I can't see any obvious error in my configuration, and the intermittent
nature of it makes me think it might be some sort of bug. I'd love to hear
if anyone else has run into this.

Kind Regards,
Michael Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180903/c48a6072/attachment-0001.html>

More information about the squid-users mailing list