RE: [squid-users] Intentional Forwarding Loop ...

From: Robert Collins <robert.collins@dont-contact.us>
Date: Mon, 9 Apr 2001 14:55:15 +1000

Set squid to only forward to interscan if the request did not come from
the interscan box.

You can use peer access rules and or always_direct/never_direct to
accomplish this. What works best for you will depend on the rest of your
topology.

Rob

 

> -----Original Message-----
> From: James Hall-Kenney [mailto:James.Hall-Kenney@sytec.co.nz]
> Sent: Monday, April 09, 2001 3:00 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Intentional Forwarding Loop ...
>
>
> All,
>
> We use squid in conjunction with the Trend Interscan
> Viruswall product to do
> http Virus scanning. We are doing this via a cache_peer ie:
>
> client -> squid -> viruswall -> destination_web_server
>
> squid and viruswall are on the same host.
>
> We have recently migrated the proxy server to Solaris SPARC
> from Linux. The
> current SPARC release of Viruswall seems to have a fault in its web
> retrieval engine that causes URLs with "%20" (space) in the
> URL string to
> fail. As a diagnostic process, we got the viruswall to peer
> back with squid
> and sure enough, the problem disappeared. ie:
>
> client -> squid -> viruswall -> squid -> destination_web_server
>
> Normally, we would have stopped at this point and just
> followed this through
> with Trend (which we have done by the way) but we also got
> another outcome -
> surfing was faster than if you use Interscan to do the web
> retrieval ... ie,
> the squid retrieval engine is a lot more efficient than the
> viruswall one.
> As a result, I'd like to retain the config, even when Trend
> come up with a
> fix.
>
> Now the downside of the above is that I am creating a
> forwarding loop of
> course. This doesn't seem to cause any problems other than
> filling up the
> logs. My questions:
>
> - Am I likely to come up against other problems with this
> configuration?
> - Is there a maximum number of "hops" for peer'ed caches?
> - Any way of supressing the Forwarding Loop errors?
>
> Any help appreciated ...
>
> Regards
>
> James
>
> James Hall-Kenney
> Senior Security Consultant
> Network Operations Centre
> DMZGlobal Limited
>
> Phone: +64 4 917 5940
> Mobile: +64 21 519-988
> Email: Mailto:james.hall-kenney@dmzglobal.com
> WWW: http://www.dmzglobal.com
>
> Important: This electronic mail message and attachments (if any) are
> confidential and may be legally privileged. If you are not
> the intended
> recipient please contact us immediately and destroy this
> message. You may
> not legally copy, disclose, disseminate or use the contents
> in any way.
> Thank you.
>
>
>
>
Received on Sun Apr 08 2001 - 23:02:15 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:13 MST