On 2/02/2013 1:42 p.m., Eliezer Croitoru wrote:
> On 2/2/2013 2:35 AM, Eliezer Croitoru wrote:
>> I was trying to access my /squid-internal-mgr/* and it seems to have a
>> problem.
>>
>> The visible host name is www1.home ip 192.168.10.1
>>
>> I have the proper acls to allow manager access and I get:
>> 1359765266.436 10002 192.168.10.100 TCP_MISS/408 0 GET
>> http://www1.home:3128/squid-internal-mgr/menu - HIER_NONE/- text/html
>>
>> And I get The connection was reset.
> Sorry missing part.
>
> When I am doing it using as forward proxy and use the url to the
> intercept port 3127 i'm getting into a loop:
> accessing: http://www1.home:3127/squid-internal-mgr/menu
>
> 1359765678.173 88894 192.168.10.100 TCP_MISS_ABORTED/000 0 GET
> http://www1.home:3127/squid-internal-mgr/menu - HIER_DIRECT/127.0.0.1 -
> 1359765678.269 88966 127.0.0.1 TCP_MISS_ABORTED/000 0 GET
> http://www1.home:3127/squid-internal-mgr/menu - HIER_DIRECT/127.0.0.1 -
> ........ sme miss abort for a very very long time =\
>
Ah. Interesting. The pattern is that it is supposed to be just the
visible_hostname value plus the internal manager path.
When you add port it breaks the visible_hostname to URL matching and
Squid relays it onwards to what it thinks is the origin server.
You should have the intercept port listened on by Squid firewalled so
direct connections to it cannot succeed. If you are using DROP to do
that you will see these timeouts, if you are using REJECT you will get a
fast fail result. If you don't have it firewalled properly the lopo
detectino in Squid should kick in.
PS. we had a proposal a while back to to visible_hostname matching per
listening port. But this breaks forwarding loop detection a bit.
Amos
Received on Sat Feb 02 2013 - 04:23:22 MST
This archive was generated by hypermail 2.2.0 : Mon Feb 11 2013 - 12:01:34 MST