On Mon, 4 Jul 2005, Matteo Villari wrote:
> Hi. I'm trying to configure an hierarchy of accelerators but i falled a
> forwarding loop. It happens when i turn on in a leaf
> httpd_accel_uses_host_headers. Here is squid.conf of the leaf (with ip
> 192.168.11.208)
httpd_accel_uses_host_header makes Squid use the Host header as host name
when reconstructing the URL.
Without it it uses the httpd_accel_host value.
> http_port 8180
> htcp_port 0
> cache_peer 192.168.11.233 parent 8180 3130
> httpd_accel_single_host on
This combination strikes me as somewhat odd..
> never_direct allow regione
Or maybe it does make sense?
regione will be sent to the parent.
other requests will be sent some to the parent, some directly depending on
what Squid thinks is best at the moment.
> httpd_accel_host 192.168.11.224
> httpd_accel_port 8180
> httpd_accel_single_host on
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
There is no need for httpd_accel_* directives on the parent.. Requests
arriving here will be proxy requests, not web server requests.
> When I try to get http://192.168.11.208:8180/jetspeed I expect the mail page
> but all I have is an error of access denied. The reason is a forwarding loop
> as seen in cache.log of the leaf cache:
>
> 2005/07/04 17:08:41| The request GET http://192.168.11.208:8180/jetspeed is
> ALLOWED, because it matched 'all'
> 2005/07/04 17:08:41| WARNING: Forwarding loop detected for:
> GET /jetspeed HTTP/1.0
> User-Agent: Opera/7.54 (Windows NT 5.1; U) [it]
> Host: 192.168.11.208:8180
> Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png,
> image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
> Accept-Language: it, en
> Accept-Charset: windows-1252, utf-8, utf-16, iso-8859-1;q=0.6, *;q=0.1
> Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
> Referer: http://192.168.11.208:8180/jetspeed
> Pragma: no-cache
> Via: 1.1 calamaro_due:3128 (squid/2.5.STABLE10-20050607), 1.0
> calamaro_uno:3128 (squid/2.5.STABLE10-20050607)
> X-Forwarded-For: 192.168.11.243, 192.168.11.208
> Cache-Control: no-cache, max-age=86400
> Connection: keep-alive
Makes sense. Your leaf proxy reconstructed the URL as
http://192.168.11.208:8180/jetspeed, which is itself, and your forwarding
rules does not tell it any specific instructions from where this should be
requested.
Try this:
* Set "never_direct allow all" on both proxies, denying Squid to forward a
request anywhere else than explicitly told from the config.
* On the leaf proxy, use cache_peer to the inner proxy. Also set
httpd_accel_host to your main site name (this will be used for HTTP/1.0
clients not sending a Host header).
* On the inner proxy, use cache_peer to the web server.
Regards
Henrik
Received on Fri Aug 05 2005 - 09:38:32 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:01 MDT