Occasional redirector failure - gives a DENIED in the logs

From: Armistead, Jason <ARMISTEJ@dont-contact.us>
Date: Sun, 08 Mar 1998 17:46:00 -0500


Scenario is Squid 1.1.11 (yes it's old I know, but it works), with
Proxy-Auth patch installed. Solaris 2.5.1 with GNU C 600Mb
cache size and 256Mb RAM. No other applications running on the box,
just a bit of NFS from time to time and a VERY lightly loaded Apache
server (< 100 hits / day).

We're running 5 redirectors, written in Perl, as follows:

 while (<>) {

As most readers will figure out, we're just changing certain IP
addresses to their well-known host names. This means that we can simply
use a local_domain rather than a local_ip entry in the configuration
file (the local domain suffix xxx.yyy.zzz gets added on OK as the
"default" domain). Use of non-local-domain hosts requires that the user
enter a username and password (proxy-auth patch running)

From time to time, users browsing from links on other INTRAnet sites
will occasionally click on a link back to our local servers which has
the IP address. So, the redirector SHOULD then convert it to a host
name (which is logged in the access.log file), and thus avoid needing a
username & password (or so the theory goes).

Most of the time it works brilliantly, but occasionally, it still pops
up the username/password box, as if the proxy wants authentication (the
dialog box does NOT ask for authentication at the server specified in
the requested URL - that is certain).

I looked at the redirector stats

                       stats/redirector: OZM06:8080
   dated Thu Mar 5 11:32:31 1998

Redirector Statistics:
requests: 169307
replies: 169306
queue length: 0
avg service time: 1 msec
number of redirectors: 5
use histogram:
    redirector #1: 159079 (159079 rewrites)
    redirector #2: 7794 (7794 rewrites)
    redirector #3: 1760 (1760 rewrites)
    redirector #4: 506 (506 rewrites)
    redirector #5: 168 (168 rewrites)

Which looks OK to me. I'm not sure why there's a discrepancy of one
between the requests and the replies (presumably this is because the
cachemgr "cache_object" query is still in progress and thus not fully
replied to - anyone comment / is this a minor bug that could be fixed ?)

Since redirector 5 is getting a bit of a work out, should I increase the
numbers a bit, so that there are always a few "spare" redirectors for
when there are more than 5 concurrent requests needing redirectors to
respond. Is there a FAQ / rule of thumb on how to "size" the number of
redirect_children in squid.conf ? Anyone want to share there
experiences with me ?

Is it necessary for the redirector to return just the URL, or the URL
plus the rest of the information that is passed to it (i.e the full 4
parameters of URL ip/fqdn ident method).

Can I enable just redirector debugging ?

Are the access rules checked BEFORE or AFTER the redirection (common
sense would presume AFTER, so that the check is on the rewritten URL)


Received on Sun Mar 08 1998 - 14:50:20 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:12 MST