Re: [SQU] Weird problem with accelerator

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 11 Jan 2001 23:25:35 +0100

My recommended accelerator setup is to translate the IP, not the domain
name.

Add
pasadena.we.usgs.gov to your /etc/hosts file with the IP of the internal
server, and set httpd_accel_host to pasadena.we.usgs.gov.

httpd_accel_host pasadena.we.usgs.gov
httpd_accel_with_proxy on
acl servers dst pasadena.we.usgs.gov
acl http port 80
http_access allow http servers
http_access deny all

This avoids a number of issues:
a) No problem with server generated redirects, IF the server understands
Host headers..
b) Requests usinga full URL will be allowed
c) Can easily be extended with more domains when needed, mapped to one
or more real servers.

--
Henrik Nordstrom
Squid hacker
stan@bort.gps.caltech.edu wrote:
> 
> I'm having a weird problem here with a Squid set up as an accelerator
> for our office web server.
> 
> The Squid is 2.2-Stable4 running on FreeBSD 3.3, and I saw the following
> in the access.log file today:
> 
> # grep 151.201.129.36 access.log
> 151.201.129.36 - - [11/Jan/2001:10:47:06 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/ HTTP/1.0" 200 4004 TCP_REFRESH_HIT:DIRECT
> 151.201.129.36 - - [11/Jan/2001:10:47:07 -0800] "GET http://pasadena.wr.usgs.gov/recenteqs/Logos/mini_logo.gif HTTP/1.0" 403 1060 TCP_DENIED:NONE
> 151.201.129.36 - - [11/Jan/2001:10:47:08 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/index_map.gif HTTP/1.0" 200 15138 TCP_HIT:NONE
> 151.201.129.36 - - [11/Jan/2001:10:47:36 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/Logos/mini_logo.gif HTTP/1.0" 200 889 TCP_MEM_HIT:NONE
> 151.201.129.36 - - [11/Jan/2001:10:47:38 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/Quakes/quakes0.html HTTP/1.0" 200 50695 TCP_HIT:NONE
> 151.201.129.36 - - [11/Jan/2001:10:48:18 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/Quakes/quakes.big.html HTTP/1.0" 200 4809 TCP_REFRESH_HIT:DIRECT
> 151.201.129.36 - - [11/Jan/2001:10:48:31 -0800] "GET http://pasadena.wr.usgs.gov/recenteqs/index.html HTTP/1.0" 403 1042 TCP_DENIED:NONE
> 151.201.129.36 - - [11/Jan/2001:10:48:35 -0800] "GET http://agent86.gps.caltech.edu/recenteqs/index.html HTTP/1.0" 200 4004 TCP_REFRESH_HIT:DIRECT
> 151.201.129.36 - - [11/Jan/2001:10:48:37 -0800] "GET http://pasadena.wr.usgs.gov/recenteqs/index_map.gif HTTP/1.0" 403 1048 TCP_DENIED:NONE
> 
> This is just one person's session on our server.
> 
> 'pasadena.wr.usgs.gov' is the name we publish for our office, and its
> DNS entry points to the Squid.  'agent86.gps.caltech.edu' is the actual
> back-end server, and is specified in the squid.conf:
> 
> httpd_accel_host agent86.gps.caltech.edu
> httpd_accel_port 80
> 
> The thing that's weird with this is that they first come along and do
> a GET on '/recenteqs/' and that request seems to be handled correctly,
> but then the second line is trying to fetch the logo gif that appears
> at the top of the page.  This is specified in the page as:
> 
> <IMG SRC="/recenteqs/Logos/mini_logo.gif" WIDTH=58 HEIGHT=35 ALT="Logo" ALIGN="middle">
> 
> So this is a relative link, but for some reason, the request is getting
> the host name inserted, and this makes a loop, and hence the 403.
> 
> Then they went down into two sub-pages, and when they came back up,
> they got another 403 trying to get back to the main page.  I suspect
> that the weirdness is in the user's browser.  I was able to [sort of]
> reproduce this with telnet:
> 
> # telnet usgs-squid 80
> Trying 131.215.66.193...
> Connected to usgs-squid.gps.caltech.edu.
> Escape character is '^]'.
> GET http://pasadena.wr.usgs.gov/recenteqs/ HTTP/1.0
> 
> HTTP/1.0 403 Forbidden
> Server: Squid/2.2.STABLE4
> [etc]
> 
> # telnet usgs-squid 80
> Trying 131.215.66.193...
> Connected to usgs-squid.gps.caltech.edu.
> Escape character is '^]'.
> GET /recenteqs/ HTTP/1.0
> 
> HTTP/1.0 200 OK
> Date: Thu, 11 Jan 2001 22:02:54 GMT
> [good data]
> 
> I found 12 instances of this behavior in the log for today.  They came
> from two different clients, and there are about 49,000 entries in the
> log file.
> 
> Does anyone have any idea how this could be happening?
> 
> --
> Stan Schwarz                | Extreme sports...offer "some kind of physical
> stan@cosmo.pasadena.ca.us   | analog to the thrill of installing Linux or
> http://cosmo.pasadena.ca.us | other open-source operating systems."
>                             |           -Mikki Halpin, _The Geek Handbook_
> 
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Thu Jan 11 2001 - 15:45:21 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:26 MST