Re: [squid-users] forwarding loop in hierarchy

From: Matteo Villari <villari@dont-contact.us>
Date: Mon, 18 Jul 2005 10:07:04 +0200

Matteo Villari ha scritto:

> Hi. I'm trying to configure an hierarchy of accelerators but i falled
> a forwarding loop. It happens when i turn on in a leaf
> httpd_accel_uses_host_headers. Here is squid.conf of the child (with
> ip 192.168.11.208)
>
> http_port 8180
> htcp_port 0
> cache_peer 192.168.11.233 parent 8180 3130
> #acl QUERY urlpath_r
> #no_cache deny QUERY
> cache_mem 64 MB
> maximum_object_size_in_memory 256 KB
> cache_dir aufs /usr/local/squid/cache 1024 1 256
> debug_options ALL,1 33,2 28,9
> auth_param basic children 5
> auth_param basic realm Squid proxy
> auth_param basic credentialsttl 2
> auth_param basic casesensitive off
> refresh_pattern . 15 100% 1440
> acl all src 0.0.0.0/0.
> acl manager proto cach
> acl localhost src 127.
> acl to_localhost dst 1
> acl SSL_ports port 443
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 44
> acl Safe_ports port 70
> acl Safe_ports port 21
> acl Safe_ports port 10
> acl Safe_ports port 28
> acl Safe_ports port 48
> acl Safe_ports port 59
> acl Safe_ports port 77
> acl CONNECT method CONNECT
> acl purge method PURGE
> http_access allow manager localhost
> http_access allow all
> http_reply_access allow all
> icp_access allow all
> cache_effective_user villari
> cache_effective_group villari
> visible_hostname Villari2
> unique_hostname calamaro_due
> httpd_accel_host 192.168.11.224
> httpd_accel_port 8180
> httpd_accel_single_host on
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> cachemgr_passwd xxxxx all
> always_direct allow manager localhost
> acl regione dst 192.168.11.224
> never_direct allow regione
> snmp_port 0
> strip_query_terms off
> vary_ignore_expire on
>
> Here is the parent configuration (with ip 192.168.11.233)
>
> http_port 3128
> http_port 8180
> http_port 8080
> icp_port 3130
> htcp_port 0
> maximum_object_size 40960 KB
> maximum_object_size_in_memory 1024 KB
> cache_dir aufs /usr/local/squid/cache 1024 1 256
> log_ip_on_direct off
> log_mime_hdrs on
> debug_options ALL,1 33,2 28,9
> log_fqdn on
> pinger_program /bin/ping
> redirect_program /usr/local/squid/bin/squidGuard
> acl session urlpath_regex jsessionid
> redirector_access allow session
> redirector_access deny !session
> auth_param basic casesensitive off
> refresh_pattern -i jp(e)g 1440 100% 1440 override-expire
> override-lastmod ignore-reload
> refresh_pattern -i psml 15 100% 1440 override-expire override-lastmod
> refresh_pattern -i css 1440 100% 1440 override-expire override-lastmod
> ignore-reload
> refresh_pattern . 0 20% 4320
> half_closed_clients off
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl purge method PURGE
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> http_access allow all
> http_reply_access allow all
> icp_access allow all
> cache_mgr villari
> cache_effective_user villari
> cache_effective_group villari
> unique_hostname calamaro_uno
> httpd_accel_host 192.168.11.224
> httpd_accel_port 8180
> httpd_accel_single_host on
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> cachemgr_passwd xxxxx all
> query_icmp on
> strip_query_terms off
> relaxed_header_parser warn
>
> When I try to get http://192.168.11.208:8180/jetspeed I expect the
> mail page but all I have is an error of access denied. The reason is a
> forwarding loop as seen in cache.log of the child cache:
>
> 2005/07/04 17:08:41| The request GET
> http://192.168.11.208:8180/jetspeed is ALLOWED, because it matched 'all'
> 2005/07/04 17:08:41| WARNING: Forwarding loop detected for:
> GET /jetspeed HTTP/1.0
> User-Agent: Opera/7.54 (Windows NT 5.1; U) [it]
> Host: 192.168.11.208:8180
> Accept: text/html, application/xml;q=0.9, application/xhtml+xml,
> image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
> Accept-Language: it, en
> Accept-Charset: windows-1252, utf-8, utf-16, iso-8859-1;q=0.6, *;q=0.1
> Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
> Referer: http://192.168.11.208:8180/jetspeed
> Pragma: no-cache
> Via: 1.1 calamaro_due:3128 (squid/2.5.STABLE10-20050607), 1.0
> calamaro_uno:3128 (squid/2.5.STABLE10-20050607)
> X-Forwarded-For: 192.168.11.243, 192.168.11.208
> Cache-Control: no-cache, max-age=86400
> Connection: keep-alive
>
> 2005/07/04 17:08:41| aclCheckFast: list: 0x82290f0
> 2005/07/04 17:08:41| aclMatchAclList: checking all
> 2005/07/04 17:08:41| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
> 2005/07/04 17:08:41| aclMatchIp: '192.168.11.243' found
> 2005/07/04 17:08:41| aclMatchAclList: returning 1
> 2005/07/04 17:08:41| aclCheckFast: list: 0x8228f88
> 2005/07/04 17:08:41| aclMatchAclList: checking all
> 2005/07/04 17:08:41| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
> 2005/07/04 17:08:41| aclMatchIp: '192.168.11.243' found
> 2005/07/04 17:08:41| aclMatchAclList: returning 1
> 2005/07/04 17:08:41| The reply for GET
> http://192.168.11.208:8180/jetspeed is ALLOWED, because it matched 'all'
>
>
> The page has not Cache-Control Directives but the log says the
> contrary.... It's something wrong in my configurations? I'm using
> Squid-2.5Stable10-20050607 in both boxes. Thank you for your help,
> Matteo Villari
>
>
>
>
>
Any suggestion? Thank you, Matteo Villari
Received on Mon Jul 18 2005 - 02:07:13 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT