[SQU] Weird problem with accelerator

From: <stan@dont-contact.us>
Date: Thu, 11 Jan 2001 14:10:03 -0800 (PST)

I'm having a weird problem here with a Squid set up as an accelerator
for our office web server.

The Squid is 2.2-Stable4 running on FreeBSD 3.3, and I saw the following
in the access.log file today:

# grep access.log - - [11/Jan/2001:10:47:06 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/ HTTP/1.0" 200 4004 TCP_REFRESH_HIT:DIRECT - - [11/Jan/2001:10:47:07 -0800] "GET http://pasadena.wr.usgs.gov/recenteqs/Logos/mini_logo.gif HTTP/1.0" 403 1060 TCP_DENIED:NONE - - [11/Jan/2001:10:47:08 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/index_map.gif HTTP/1.0" 200 15138 TCP_HIT:NONE - - [11/Jan/2001:10:47:36 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/Logos/mini_logo.gif HTTP/1.0" 200 889 TCP_MEM_HIT:NONE - - [11/Jan/2001:10:47:38 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/Quakes/quakes0.html HTTP/1.0" 200 50695 TCP_HIT:NONE - - [11/Jan/2001:10:48:18 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/Quakes/quakes.big.html HTTP/1.0" 200 4809 TCP_REFRESH_HIT:DIRECT - - [11/Jan/2001:10:48:31 -0800] "GET http://pasadena.wr.usgs.gov/recenteqs/index.html HTTP/1.0" 403 1042 TCP_DENIED:NONE - - [11/Jan/2001:10:48:35 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/index.html HTTP/1.0" 200 4004 TCP_REFRESH_HIT:DIRECT - - [11/Jan/2001:10:48:37 -0800] "GET http://pasadena.wr.usgs.gov/recenteqs/index_map.gif HTTP/1.0" 403 1048 TCP_DENIED:NONE

This is just one person's session on our server.

'pasadena.wr.usgs.gov' is the name we publish for our office, and its
DNS entry points to the Squid. 'agent86.gps.caltech.edu' is the actual
back-end server, and is specified in the squid.conf:

httpd_accel_host agent86.gps.caltech.edu
httpd_accel_port 80

The thing that's weird with this is that they first come along and do
a GET on '/recenteqs/' and that request seems to be handled correctly,
but then the second line is trying to fetch the logo gif that appears
at the top of the page. This is specified in the page as:

<IMG SRC="/recenteqs/Logos/mini_logo.gif" WIDTH=58 HEIGHT=35 ALT="Logo" ALIGN="middle">

So this is a relative link, but for some reason, the request is getting
the host name inserted, and this makes a loop, and hence the 403.

Then they went down into two sub-pages, and when they came back up,
they got another 403 trying to get back to the main page. I suspect
that the weirdness is in the user's browser. I was able to [sort of]
reproduce this with telnet:

# telnet usgs-squid 80
Connected to usgs-squid.gps.caltech.edu.
Escape character is '^]'.
GET http://pasadena.wr.usgs.gov/recenteqs/ HTTP/1.0

HTTP/1.0 403 Forbidden
Server: Squid/2.2.STABLE4

# telnet usgs-squid 80
Connected to usgs-squid.gps.caltech.edu.
Escape character is '^]'.
GET /recenteqs/ HTTP/1.0

HTTP/1.0 200 OK
Date: Thu, 11 Jan 2001 22:02:54 GMT
[good data]

I found 12 instances of this behavior in the log for today. They came
from two different clients, and there are about 49,000 entries in the
log file.

Does anyone have any idea how this could be happening?

Stan Schwarz                | Extreme sports...offer "some kind of physical
stan@cosmo.pasadena.ca.us   | analog to the thrill of installing Linux or
http://cosmo.pasadena.ca.us | other open-source operating systems."
                            |           -Mikki Halpin, _The Geek Handbook_
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Thu Jan 11 2001 - 15:13:57 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:26 MST