[squid-users] Loop vs. no-caching with ESI

Hello,

trying to the ESI feature of the current CVS version of squid-3
I have the following configuration:

browser --> squid --> zope-server(with virtual hosting)

One page (index.html) in the Zope-Server looks this way:

  <html><body>
    <esi:include src="http://theServer.com/include.html"/>
  </body></html>

(Response-Headers:
  Surrogate-Control: content="ESI/1.0"
)

The page include.html ist just a little bit of text and the
following response header:
  Surrogate-Control: max-age=3600, content="ESI/1.0"

Zope is running on port 8080, while squid runs on port 80 (same host;
complete configuration attached below).

For squid there is a redirector running, making all requests of the
form
  http://theServer.com/foobar

become
  http://localhost:8080/VirtualHostBase/http/theServer.com:80/VirtualHostRoot/foobar

When getting http://theServer.com/index.html from a browser I get an
error message. After setting some debug_options I see the following
in the cache_log:

WARNING: Forwarding loop detected for:
GET /VirtualHostBase/http/theServer.com:80/VirtualHostRoot/include.html HTTP/1.0
Host: theServer.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en,en-us;q=0.7,de;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Cookie: __ac_name="admin"
Authorization: Basic YWRtaW46c2VjcmV0
Via: 1.0 devel.office.mydomain.de (squid/3.0-PRE3-CVS)
Surrogate-Capability: office="Surrogate/1.0 ESI/1.0"
X-Forwarded-For: unknown
Cache-Control: max-age=259200
Connection: keep-alive

This made sense to me, because the "esi:include"-URL again points to
squid, and when receiving this request squid may already "know" about
this request... ???

So I've changed the "esi:include" directive in index.html:

  <esi:include src="http://localhost:8080/VirtualHostBase/http/theServer.com:80/VirtualHostRoot/include.html"/>

so that the ESI processor now fetches the fragment directly from the
Zope server. This works, but has the effect, that the fragment never
gets cached.

What's wrong with my configuration?

There is another fact, that may be related to this (or maybe not):
With the second solution (which does word, but without caching) I still
see the response header "Surrogate-Control: content="ESI/1.0"" on the
client-side (browser)! Shouldn't squid remove this header when
ESI-processing the page?

TIA
Best regards
-Stefan-

> grep -E "^[^# ]" /etc/squid.conf

http_port 80 vhost
cache_dir ufs /var/cache/squid 100 16 256
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
redirect_program /usr/local/sbin/redirect.pl
redirect_rewrites_host_header off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
http_access deny all
http_reply_access allow all
icp_access allow all
esi_parser libxml2
strip_query_terms off
coredump_dir /var/cache/squid
ie_refresh on
minimum_expiry_time 0 seconds

-- 
-------------------------------------------------------------------
Dipl. Inf. (FH) Stefan Palme
 
email: kleiner@hora-obscura.de
www:   http://hbci4java.kapott.org
icq:   36376278
phon:  +49 341 3910484
fax:   +49 1212 517956219
mobil: +49 178 3227887
 
key fingerprint: 1BA7 D217 36A1 534C A5AD  F18A E2D1 488A E904 F9EC
-------------------------------------------------------------------