Re: Accelerated webserver and proxy server. Is it possible? from Henrik Nordstrom on 2000-06-07 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 07 Jun 2000 08:34:13 +0200

Hugh Blandford wrote:
>
> Thanks for the replies,
>
> this is the setup that I have (although I haven't defined the http_accel
> server port as I am using a redirector to different ports for different
> sites and I am using virtual hosts)
>
> What would happen when someone would access one of your accelerated sites
> through the proxy server? Would you get a forwarding loop?

That depends on how well your redirector does it's work.

Lets try to explain the loop.

In plain acceleration for www.example.com Squids sees a request for the
URI-path

/path/to/some/file

Then it tries to reconstruct a full URL by using the
httpd_accel_server/port directives

Lets assume these are set to
httpd_accel_server internal.example.com
httpd_accel_port 80

Ther reconstructed URL then becomes

http://internal.example.com:80/path/to/some/file

And then passes this URL along to the normal proxying (and redirection).

If it however receives a proxy request then the full URL will be known
from the start, and no reconstruction is taking place

http://www.example.com/path/to/some/file

And Squid passes this along to the normal proxying (and redirection). If
this is let thru unmodified then Squid will try to contact
www.example.com to retreive the requested object, which usually means it
will contact itself as it is the official frontend of www.example.com.

Now, exactly the same situation occurs if you are using
httpd_accel_uses_host_header, with the only difference of that the
proxied requests does not always include a port component while the
accelerated requests always does.

Accelerated:
   http://www.example.com:80/path/to/some/file
Proxied:
   http://www.example.com/path/to/some/file
   http://www.example.com:80/path/to/some/file
   http://www.example.com:00080/path/to/some/file
   [and so on]

The situation gets further complicated if httpd_accel_host is set to
virtual. Then the reconstructed URL might use the IP address of the
receiving interface if there is no Host header (or
httpd_accel_uses_host_header is off)

Accelerated with virtual and no host header:
http://192.168.3.4:80/path/to/some/file
[where 192.168.3.4 is the IP address of the interface where Squid
received the request]

If your redirector properly deals with all these forms then you are safe
from request loops.

--
Henrik Nordstrom
Squid hacker

Received on Wed Jun 07 2000 - 17:45:35 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:57 MST