RE: [squid-users] Intentional Forwarding Loop ...

From: James Hall-Kenney <James.Hall-Kenney@dont-contact.us>
Date: Mon, 9 Apr 2001 17:35:09 +1200

I might be missing something but I believe that I am doing this. As per the
log:

986793141.884 301 202.36.203.149 TCP_MISS/200 476 GET http://www.microsoft.com/business/script/globaltoolbar.js - DIRECT/www.microsoft.com application/x-javascript
986793141.995 463 202.36.203.62 TCP_MISS/200 522 GET http://www.microsoft.com/business/script/globaltoolbar.js - FIRST_UP_PARENT/localhost.dmz.dmzglobal.net application/x-javascript

202.36.203.62 is the client. 202.36.203.149 is the squid server. It seems
to log the first completed transaction first??? ie the GET after the
viruswall.

The acl is:
# this ACL allows traffic that comes back from the viruswall to go to the net
acl thishost src 202.36.203.149/255.255.255.255
always_direct allow thishost
http_access allow thishost

Am I missing something? My thought was that as the visible name of this proxy
was already in the header request, it was seeing this as a forwarding loop
...

Regards

James

-----Original Message-----
From: Robert Collins [mailto:robert.collins@itdomain.com.au]
Sent: Monday, 9 April 2001 4:55 p.m.
To: James Hall-Kenney; squid-users@squid-cache.org
Subject: RE: [squid-users] Intentional Forwarding Loop ...

Set squid to only forward to interscan if the request did not come from
the interscan box.

You can use peer access rules and or always_direct/never_direct to
accomplish this. What works best for you will depend on the rest of your
topology.

Rob

 

> -----Original Message-----
> From: James Hall-Kenney [mailto:James.Hall-Kenney@sytec.co.nz]
> Sent: Monday, April 09, 2001 3:00 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Intentional Forwarding Loop ...
>
>
> All,
>
> We use squid in conjunction with the Trend Interscan Viruswall product to do
> http Virus scanning. We are doing this via a cache_peer ie:
>
> client -> squid -> viruswall -> destination_web_server
>
> squid and viruswall are on the same host.
>
> We have recently migrated the proxy server to Solaris SPARC from Linux. The
> current SPARC release of Viruswall seems to have a fault in its web
> retrieval engine that causes URLs with "%20" (space) in the URL string to
> fail. As a diagnostic process, we got the viruswall to peer back with squid
> and sure enough, the problem disappeared. ie:
>
> client -> squid -> viruswall -> squid -> destination_web_server
>
> Normally, we would have stopped at this point and just followed this through
> with Trend (which we have done by the way) but we also got another outcome -
> surfing was faster than if you use Interscan to do the web retrieval ... ie,
> the squid retrieval engine is a lot more efficient than the viruswall one.
> As a result, I'd like to retain the config, even when Trend come up with a
> fix.
>
> Now the downside of the above is that I am creating a forwarding loop of
> course. This doesn't seem to cause any problems other than filling up the
> logs. My questions:
>
> - Am I likely to come up against other problems with this configuration?
> - Is there a maximum number of "hops" for peer'ed caches?
> - Any way of suppressing the Forwarding Loop errors?
>
> Any help appreciated ...
>
> Regards
>
> James
>
> James Hall-Kenney
> Senior Security Consultant
> Network Operations Centre
> DMZGlobal Limited
>
> Phone: +64 4 917 5940
> Mobile: +64 21 519-988
> Email: Mailto:james.hall-kenney@dmzglobal.com
> WWW: http://www.dmzglobal.com
>
Received on Sun Apr 08 2001 - 23:35:21 MDT
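
The routing Rob describes in the thread above, written out as a squid.conf fragment. This is an added example, not configuration posted by either participant; the viruswall port (8080) and the ACL name from_viruswall are assumptions, while the address and peer hostname are the ones in the log.

```conf
# Added example. Assumed: viruswall listens on port 8080; ACL name
# from_viruswall. Relies on the stock "acl all" from the default squid.conf.

# Squid and the viruswall share a host, so requests the viruswall hands
# back arrive from the host's own address (202.36.203.149 in the log).
acl from_viruswall src 202.36.203.149/255.255.255.255

# The viruswall as the only parent; no ICP, hence icp_port 0 and no-query.
cache_peer localhost.dmz.dmzglobal.net parent 8080 0 no-query default

# Return leg (viruswall -> squid): never offer the parent again and
# fetch straight from the origin server.
cache_peer_access localhost.dmz.dmzglobal.net deny from_viruswall
cache_peer_access localhost.dmz.dmzglobal.net allow all
always_direct allow from_viruswall

# Client leg (client -> squid): must go through the parent. If the
# viruswall is down, the request fails instead of being fetched unscanned.
never_direct allow !from_viruswall

# Let the return leg in; the existing client http_access rules follow.
http_access allow from_viruswall
```

Because from_viruswall is a source-address ACL, it matches every process on the Squid host, so anything else on that machine that uses the proxy is fetched direct and unscanned. These rules only control routing; they do not affect the loop check itself, which Squid bases on finding its own name in the Via header.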

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:13 MST