Dean Weimer wrote:
> I have a problem with a website that doesn't like going through a
> parent child proxy setup, if you access the site pointing the client
> directly at the parent proxy it open just fine. However, when the
> client accesses the website using the child proxy the page fails to
> load. I have no control over the website and have sent a request to
> the support for the site to help resolve the issue. While waiting to
> hear back from them, I was wondering if possibly disabling the via
> headers would potential help, but wasn't sure of the consequences
> that doing so would have. The eventual configuration in this scenario
> is to have 2 parents with a single child, one server can easily
> handle the number of clients we have, but we want to use the 2
> parents to handle load balancing on multiple internet connections. I
> have already used ACLs to send this website along with others I know
> have problems with multiple source IPs in a single session, through a
> single parent so that they only have failover and not load balancing.
> This has been verified to work on all the other sites that I know
> clients need that have this problem. I have verified by use of a
> packet sniffer that this site is correctly trying to go out a single
> parent proxy server, and I am considering disabling the via header to
> see if that resolves the issue. In addition to any possible problems
> with disabling the via headers, would it be better to do it on the
> parent proxies or on the child proxy server, if it doesn't have to be
> done on both. If it's of any consequence, I do have the
> forwarded_for directive set to off on the parents and the child proxy
> server.
>
> Thanks, Dean Weimer Network Administrator Orscheln Management Co
>
Hi Dean, sorry for the long delay.
Via: header is used primarily to prevent looping when forwarding
requests between proxies. And also to allow trace-backs for a) security
tracking malicious traffic events and b) debugging flow through
hierarchies of caches.
If you have a simple one-way flow of request traffic
client->child->parent->web then there is very little chance of the
looping occuring and Via: ceases to be mandatory. Still highly useful
though.
If you have a peering link between the parent servers (sibling to each
other) or any kind of downward link to have parent proxies send requests
to childs. Then Via: becomes mandatory to detect when loops occur.
Correct configuration is still required to prevent the loops, but
without Via: in these situations you only have vague "my internet hangs"
from users to go by.
Hope this helps.
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 Current Beta Squid 3.1.0.7Received on Fri Apr 17 2009 - 02:31:43 MDT
This archive was generated by hypermail 2.2.0 : Fri Apr 17 2009 - 12:00:02 MDT