Notes on looping squids [1.1.21 patch]

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 05 Apr 1998 00:40:56 +0200

After some experimentation and source reading & patching:

The problem with looping squids is mostly a configuration issue which
can easily be avoided. It only manifests itself when running Squid as a
transparent proxy on port 80 or as an HTTP accelerator with Host: header
support and none/improper destination access control.

When running as a transparent proxy you should not run squid on port 80.
Leave it on port 3128 and redirect traffic to that port, and don't
redirect traffic that is destined for the local machine.

I have attached a small patch for Squid 1.1.21 that should prevent it
from looping infinitely when configured to listen on port 80.

---
Henrik Nordström

--- squid-1.1.21/src/icp.c.orig Tue Mar 17 04:03:46 1998
+++ squid-1.1.21/src/icp.c Sat Apr 4 20:13:58 1998
@@ -925,7 +925,7 @@
     ch.request = requestLink(icpState->request);
     answer = aclCheck(MISSAccessList, &ch);
     requestUnlink(ch.request);
- if (answer == 0) {
+ if (answer == 0 || (icpState->accel && BIT_TEST(icpState->request->flags, REQ_LOOPDETECT))) {
         icpState->http_code = 400;
         buf = access_denied_msg(icpState->http_code,
             icpState->method,
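Review bot: The added test on the if line folds the loop case into the existing answer == 0 branch, so a request flagged REQ_LOOPDETECT is answered with http_code 400 and access_denied_msg, exactly like a MISSAccessList denial. Someone reading the response cannot tell a forwarding loop from an ACL refusal. Consider giving the loop case its own branch and message, and add a short comment explaining why the test is limited to icpState->accel, since the hunk does not show where that flag or REQ_LOOPDETECT gets set. The combined condition is also much longer than the surrounding lines and would read better split after the ||.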
Received on Sat Apr 04 1998 - 14:50:30 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:35 MST