I'm having a weird problem here with a Squid set up as an accelerator
for our office web server.
The Squid is 2.2-Stable4 running on FreeBSD 3.3, and I saw the following
in the access.log file today:
# grep 151.201.129.36 access.log
151.201.129.36 - - [11/Jan/2001:10:47:06 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/ HTTP/1.0" 200 4004 TCP_REFRESH_HIT:DIRECT
151.201.129.36 - - [11/Jan/2001:10:47:07 -0800] "GET http://pasadena.wr.usgs.gov/recenteqs/Logos/mini_logo.gif HTTP/1.0" 403 1060 TCP_DENIED:NONE
151.201.129.36 - - [11/Jan/2001:10:47:08 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/index_map.gif HTTP/1.0" 200 15138 TCP_HIT:NONE
151.201.129.36 - - [11/Jan/2001:10:47:36 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/Logos/mini_logo.gif HTTP/1.0" 200 889 TCP_MEM_HIT:NONE
151.201.129.36 - - [11/Jan/2001:10:47:38 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/Quakes/quakes0.html HTTP/1.0" 200 50695 TCP_HIT:NONE
151.201.129.36 - - [11/Jan/2001:10:48:18 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/Quakes/quakes.big.html HTTP/1.0" 200 4809 TCP_REFRESH_HIT:DIRECT
151.201.129.36 - - [11/Jan/2001:10:48:31 -0800] "GET http://pasadena.wr.usgs.gov/recenteqs/index.html HTTP/1.0" 403 1042 TCP_DENIED:NONE
151.201.129.36 - - [11/Jan/2001:10:48:35 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/index.html HTTP/1.0" 200 4004 TCP_REFRESH_HIT:DIRECT
151.201.129.36 - - [11/Jan/2001:10:48:37 -0800] "GET http://pasadena.wr.usgs.gov/recenteqs/index_map.gif HTTP/1.0" 403 1048 TCP_DENIED:NONE
This is just one person's session on our server.
'pasadena.wr.usgs.gov' is the name we publish for our office, and its
DNS entry points to the Squid. 'agent86.gps.caltech.edu' is the actual
back-end server, and is specified in the squid.conf:
httpd_accel_host agent86.gps.caltech.edu
httpd_accel_port 80
The thing that's weird with this is that they first come along and do
a GET on '/recenteqs/' and that request seems to be handled correctly,
but then the second line is trying to fetch the logo gif that appears
at the top of the page. This is specified in the page as:
<IMG SRC="/recenteqs/Logos/mini_logo.gif" WIDTH=58 HEIGHT=35 ALT="Logo" ALIGN="middle">
So this is a relative link, but for some reason, the request is getting
the host name inserted, and this makes a loop, and hence the 403.
Then they went down into two sub-pages, and when they came back up,
they got another 403 trying to get back to the main page. I suspect
that the weirdness is in the user's browser. I was able to [sort of]
reproduce this with telnet:
# telnet usgs-squid 80
Trying 131.215.66.193...
Connected to usgs-squid.gps.caltech.edu.
Escape character is '^]'.
GET http://pasadena.wr.usgs.gov/recenteqs/ HTTP/1.0
HTTP/1.0 403 Forbidden
Server: Squid/2.2.STABLE4
[etc]
# telnet usgs-squid 80
Trying 131.215.66.193...
Connected to usgs-squid.gps.caltech.edu.
Escape character is '^]'.
GET /recenteqs/ HTTP/1.0
HTTP/1.0 200 OK
Date: Thu, 11 Jan 2001 22:02:54 GMT
[good data]
I found 12 instances of this behavior in the log for today. They came
from two different clients, and there are about 49,000 entries in the
log file.
Does anyone have any idea how this could be happening?
-- Stan Schwarz | Extreme sports...offer "some kind of physical stan@cosmo.pasadena.ca.us | analog to the thrill of installing Linux or http://cosmo.pasadena.ca.us | other open-source operating systems." | -Mikki Halpin, _The Geek Handbook_ -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Thu Jan 11 2001 - 15:13:57 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:26 MST
