Re: [squid-users] Help with accelerated site

Hello again here few updates of my cache.log and access.log
Can anybody translat to me what does that mean, I have changed my real site
to "mysite"
Thank you all
I tried www.mysite.org from a local machine which is 192.168.1.1
remember the router is actually on 192.168.1.4 which is also the Squid
machine.

########################################################################

cache log report
***********************************************************************

2010/03/26 20:41:24| WARNING: Forwarding loop detected for:
GET /favicon.ico HTTP/1.0
Host: www.mysite.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.18)
Gecko/2010021501 Ubuntu/8.04 (hardy) Firefox/3.0.18
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Via: 1.1 proxy (squid/3.0.STABLE25)
X-Forwarded-For: 192.168.1.1
Cache-Control: max-age=259200
Connection: keep-alive

2010/03/26 20:47:02| WARNING: Forwarding loop detected for:
GET / HTTP/1.0
Host: www.mysite.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.18)
Gecko/2010021501 Ubuntu/8.04 (hardy) Firefox/3.0.18
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.mysite.org
Via: 1.1 proxy (squid/3.0.STABLE25)
X-Forwarded-For: 192.168.1.1
Cache-Control: max-age=259200
Connection: keep-alive

##########################################################################
acces.log
********************************************************************

1269636041.546 157 192.168.1.1 TCP_MISS/200 5178 GET
http://www.google.com/ - DIRECT/66.102.9.104 text/html
1269636041.727 163 192.168.1.1 TCP_MISS/200 9340 GET
http://www.google.com/intl/fr_ALL/images/logo.gif - DIRECT/66.102.9.104
image/gif
1269636042.006 168 192.168.1.1 TCP_MISS/200 21210 GET
http://www.google.com/extern_js/f/CgJmciswCjheQB0sKzAOOAwsKzAWOBcsKzAXOAYsKzAYOAUsKzAZOBksKzAdOCUsKzAlOMqIASwrMCY4CSwrMCc4BCwrMCo4AywrMCs4CiwrMDw4AiwrMEA4DSwrMEQ4AiwrMEU4ASwrME44ASw/BYTXK9Z1bX4.js -
DIRECT/66.102.9.104 text/javascript
1269636042.099 59 192.168.1.1 TCP_MISS/200 4144 GET
http://www.google.com/extern_chrome/1ae1d100aea24288.js -
DIRECT/66.102.9.104 text/html
1269636042.164 113 192.168.1.1 TCP_MISS/204 239 GET
http://clients1.google.com/generate_204 - DIRECT/209.85.227.101 text/html
1269636042.212 42 192.168.1.1 TCP_MISS/200 6059 GET
http://www.google.com/images/nav_logo8.png - DIRECT/66.102.9.104 image/png
1269636042.298 127 192.168.1.1 TCP_MISS/204 329 GET
http://www.google.com/csi? - DIRECT/66.102.9.105 text/html
1269636054.744 0 192.168.1.1 TCP_HIT/200 456 GET http://192.168.1.3/ -
NONE/- text/html
1269636054.865 6 192.168.1.1 TCP_MISS/404 665 GET
http://192.168.1.3/favicon.ico - DIRECT/192.168.1.3 text/html
1269636057.864 0 192.168.1.1 TCP_NEGATIVE_HIT/404 674 GET
http://192.168.1.3/favicon.ico - NONE/- text/html
1269636084.636 1 81.98.104.57 TCP_MISS/403 2263 GET
http://www.mysite.org/ - NONE/- text/html
1269636084.637 92 192.168.1.1 TCP_MISS/403 2327 GET
http://www.mysite.org/ - FIRST_UP_PARENT/main text/html
1269636084.667 1 81.98.104.57 TCP_MISS/403 2264 GET
http://www.mysite.org/favicon.ico - NONE/- text/html
1269636084.668 2 192.168.1.1 TCP_MISS/403 2328 GET
http://www.mysite.org/favicon.ico - FIRST_UP_PARENT/main text/html
1269636087.667 0 192.168.1.1 TCP_NEGATIVE_HIT/403 2335 GET
http://www.mysite.org/favicon.ico - NONE/- text/html
1269636098.347 0 192.168.1.1 TCP_NEGATIVE_HIT/403 2335 GET
http://www.mysite.org/ - NONE/- text/html
1269636422.015 1 81.98.104.57 TCP_MISS/403 2319 GET
http://www.mysite.org/ - NONE/- text/html
1269636422.016 105 192.168.1.1 TCP_MISS/403 2383 GET
http://www.mysite.org/ - FIRST_UP_PARENT/main text/html

Your time and help will be much appreciated
Thanking you in advance
Regards
Adam

----- Original Message -----
From: "Ron Wheeler" <rwheeler_at_artifact-software.com>
To: "Adam_at_Gmail" <adbasque_at_googlemail.com>
Sent: Friday, March 26, 2010 5:14 PM
Subject: Re: [squid-users] Help with accelerated site

>
> There are 2 uses for Squid:
> 1) to act as a proxy for browsers inside your network that want to get out
> to the Internet and you want to avoid 2 people downloading the same big
> file by having squid remember pages that it sees go by and giving the
> second requester the copy that is already in cache on its disk. In this
> case it is usually watching on port 3128 on the NIC attached to your
> internal LAN for requests that should be sent out on the public address.
>
> 2) To act as an accelerator for people outside who want pages from your
> web server. In this case it is watching for requests coming in on port 80
> on the NIC that carries the public address and cheching to see if the page
> that they are requesting is in its cache and if it is, it responds to the
> request without bothering the webserver.
>
> Note in Case 2, it is not doing anything for your people on the inside
> since they do NOT come in through the ethernet interface that Squid is
> watching.
>
> You have to be clear in your configuring and testing that you are testing
> with the right connections.
> If you are testing case 2, you need to be outside your network to test.
> If you come into port 80 on the ethernet NIC that is part of your internal
> LAN, your accelerator may not even see it.
>
> Make sure that your firewall setup matches what you are trying to do.
>
> If you have got everything set up for whichever case you are testing, you
> might want to ask some of these questions to see what is happening.
>
> What happens when you try to reference the proxy with a browser on port
> 80?
> What is showing up in your squid log when you make the request?
> What is showing up in your firewall log when you make the request?
> What is showing up in the Apache log when you make the request?
>
> Post some of these results when asking for help. The answer usually is in
> the logs.
>
> Ron
>
> Adam_at_Gmail wrote:
>> Hi Al,
>> thanks for your reply, I don't acutally have a problem with the apache
>> because the webserver is on another machine as the backend server
>> switching off the apache running on the proxy machine doesn't bother me
>> what I am having a problem with is that it doesn't pull the website from
>> the backend server
>> and right now it won't even allow me access from the local network
>> I have commented out all of the deny accesses and yet it still won't
>> allow any machine on my local network to access the internet.
>
>
>
> You can do both with Apache but the configurations and problems are very
> different.
>
> What exactly are you trying to do?
> Try to get one working first and then go after the other.
>
>> That's what I found very strange.
>> My proxy server runs freely on a dedicated machine nothing else runs on
>> that machine.
>>
>> Regards
>> Adam
>> ----- Original Message ----- From: "Al - Image Hosting Services"
>> <azick_at_zickswebventures.com>
>> To: "Adam_at_Gmail" <adbasque_at_googlemail.com>
>> Cc: <squid-users_at_squid-cache.org>
>> Sent: Friday, March 26, 2010 1:24 AM
>> Subject: Re: [squid-users] Help with accelerated site
>>
>>
>>> Hi,
>>>
>>> Although you can't have apache and squid listening on port 80 on the
>>> same IP, you can have them both running on port 80 on the same machine.
>>> Just do this:
>>>
>>> Change your apache config to:
>>> "Listen 127.0.0.1:80"
>>>
>>> Change your squid config to:
>>> "cache_peer 127.0.0.1 parent 80 0 no-query originserver" "http_port
>>> 1.2.3.4:80 accel vhost"
>>>
>>> Where 1.2.3.4 is, put your public IP.
>>>
>>> -Al
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Thu, 25 Mar 2010, Adam_at_Gmail wrote:
>>>
>>>> Date: Thu, 25 Mar 2010 16:30:33 -0000
>>>> From: "Adam_at_Gmail" <adbasque_at_googlemail.com>
>>>> To: Ron Wheeler <rwheeler_at_artifact-software.com>
>>>> Cc: Amos Jeffries <squid3_at_treenet.co.nz>, squid-users_at_squid-cache.org
>>>> Subject: Re: [squid-users] Help with accelerated site
>>>>
>>>> Hi All,
>>>> Thank you guys for your help
>>>> I have tried your suggestions,
>>>> Yes Ron I know that two programmes can't both listen on the same port
>>>> at the same time
>>>> but I thought the Apache was essential for the Proxy server, so thanks
>>>> for the suggestion,
>>>> I am including bits of my config here, because now I am getting "Access
>>>> Denied" even from a local network:
>>>> Can you guys please take a look at it and see if you can spot what's
>>>> causing the access denied.
>>>> note I have tried to allow everything and removed all the "deny"
>>>> directives and yet it's still denies any access from my local network.
>>>> That is why I get so confused with Squid, I don't understand it's logic
>>>> to be perfectly honest, and let me remind you that this config used to
>>>> work just fine at least it used to allow access to the internet to all
>>>> the clients on my local network.
>>>>
>>>>
>>>> #############################
>>>> # Other Access Controls
>>>> #############################
>>>> acl manager proto cache_object
>>>> acl localhost src 127.0.0.1/32
>>>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
>>>> acl our_networks dst 192.168.1.0/32
>>>> acl our_sites dstdomain www.mysite.org
>>>> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
>>>> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
>>>> # acl localnet src 192.168.0.0/32 # RFC1918 possible internal network
>>>> acl localnet src 192.168.1.0/32 #Local Network
>>>> acl myaccelport port 80
>>>>
>>>> # acl FTP proto FTP
>>>> acl SSL_ports port 443
>>>> acl Safe_ports port 80 # http
>>>> acl Safe_ports port 21 # ftp
>>>> acl Safe_ports port 443 # https
>>>> acl Safe_ports port 70 # gopher
>>>> acl Safe_ports port 210 # wais
>>>> acl Safe_ports port 1025-65535 # unregistered ports
>>>> acl Safe_ports port 280 # http-mgmt
>>>> acl Safe_ports port 488 # gss-http
>>>> acl Safe_ports port 591 # filemaker
>>>> acl Safe_ports port 777 # multiling http
>>>> acl CONNECT method CONNECT
>>>>
>>>> http_access allow manager localhost
>>>> #http_access deny manager
>>>> # http_access deny !Safe_ports
>>>> http_access allow localnet
>>>> #http_access deny all
>>>> # http_access allow intranet
>>>> # http_access deny all
>>>> http_access allow our_networks
>>>>
>>>> icp_access allow localnet
>>>> #icp_access deny all
>>>> htcp_access allow localnet
>>>> #htcp_access deny all
>>>> http_acceess allow CONNECT
>>>> #http_access deny all
>>>> hosts_file /etc/hosts
>>>> visible_hostname proxy
>>>>
>>>> http_port 3128
>>>>
>>>> hierarchy_stoplist cgi-bin ?
>>>>
>>>> cache_effective_user squid
>>>> access_log /usr/local/squid/var/logs/access.log squid
>>>> cache_log /usr/local/squid/var/logs/cache.log
>>>> cache_store_log /usr/local/squid/var/logs/store.log
>>>> pid_filename /usr/local/squid/var/logs/squid.pid
>>>>
>>>> refresh_pattern ^ftp: 1440 20% 10080
>>>> refresh_pattern ^gopher: 1440 0% 1440
>>>> refresh_pattern . 0 20% 4320
>>>>
>>>> icp_port 3130
>>>> htcp_port 4827
>>>> # allow_underscore on
>>>>
>>>> coredump_dir /usr/local/squid/var/cache
>>>>
>>>>
>>>> Can anyone see what's wrong with this config and if possible to point
>>>> it out to me, your help would be much appreciated
>>>>
>>>> Thanking you in advance
>>>> Regards
>>>> Adam
>>>>
>>>> ----- Original Message ----- From: "Ron Wheeler"
>>>> <rwheeler_at_artifact-software.com>
>>>> To: "Adam_at_Gmail" <adbasque_at_googlemail.com>
>>>> Cc: "Amos Jeffries" <squid3_at_treenet.co.nz>;
>>>> <squid-users_at_squid-cache.org>
>>>> Sent: Thursday, March 25, 2010 1:58 AM
>>>> Subject: Re: [squid-users] Help with accelerated site
>>>>
>>>>
>>>>> Adam_at_Gmail wrote:
>>>>>> Hello there,
>>>>>> Thanks for the reply Ron and Amos
>>>>>>
>>>>>>
>>>>>> Maybe my original e-mail wasn't clear a bit confusing I am sorry if I
>>>>>> confused you
>>>>>>
>>>>>> I have squid running on Machine A with let's say local ip 192.168.1.4
>>>>>> the backend server is running on machine B and ip address 192.168.1.3
>>>>>>
>>>>>> Now, instead of getting the website that is located on Machine B
>>>>>> 192.168.1.3 which is listening on port 81 not 80.
>>>>>> I am getting the default Apache Page on the Proxy server Machine
>>>>>> which is 192.168.1.4
>>>>>>
>>>>>> And I do have the vhost in my configuration
>>>>>> Well there are two apaches running on the two machines, the proxy
>>>>>> machine and the web-server machine, except the web-server apache
>>>>>> listens on port 81, logically (technically) speaking it should work,
>>>>>> but for some reason it doesn't.
>>>>>> I hope it makes more sense to you what I am trying to describe here
>>>>>
>>>>> Very helpful.
>>>>> You can not have apache listening for port 80 on 192.168.1.4 and Squid
>>>>> trying to do the same thing.
>>>>> Only one process can have port 80.
>>>>> You will very likely find a note in the squid logs that says something
>>>>> to the effect that squid can not bind to port 80.
>>>>> If you shutdown apache on 192.168.1.4 and restart squid, your proxy
>>>>> will work (if the rest of the configuration is correct)
>>>>> If you then try to start apache on 192.168.1.4 it will certainly
>>>>> complain loudly about port 80 not being free.
>>>>>
>>>>> If you want to use Apache on both 192.168.1.4 and 192.168.1.3 you need
>>>>> to set the apache on 192.168.1.4 to listen on port 81 and set squid to
>>>>> proxy to the apache on 192.168.1.4 and use apache's proxy and vhost
>>>>> features to reach 192.168.1.5 which can be set to listen on port 80.
>>>>> This will support
>>>>> browser=>Squid on 192.168.1.4 ==> Apache on 192.168.1.4:81 (vhost)
>>>>> ==>Apache 192.168.1.3:80
>>>>> That is a pretty common approach.
>>>>>
>>>>> Ron
>>>>>
>>>>>
>>>>>>
>>>>>> Thank you all for your help
>>>>>> Regards
>>>>>> Adam
>>>>>>
>>>>>> ----- Original Message ----- From: "Amos Jeffries"
>>>>>> <squid3_at_treenet.co.nz>
>>>>>> To: <squid-users_at_squid-cache.org>
>>>>>> Sent: Thursday, March 25, 2010 1:01 AM
>>>>>> Subject: Re: [squid-users] Help with accelerated site
>>>>>>
>>>>>>
>>>>>>> On Wed, 24 Mar 2010 19:48:27 -0400, Ron Wheeler
>>>>>>> <rwheeler_at_artifact-software.com> wrote:
>>>>>>>> What is squid proxying?
>>>>>>>> Usually the normal behaviour is exactly what you are getting since
>>>>>>>> squid
>>>>>>>
>>>>>>>> normally proxies Apache on 80.
>>>>>>>> Browser ==> Squid on 80==>proxied to Apache on port 81.
>>>>>>>>
>>>>>>>>
>>>>>>>> If Squid is not proxying Apache, then it looks like you have Apache
>>>>>>>> running on 80.
>>>>>>>>
>>>>>>>> If you are trying to redirect port 80 to another program that is
>>>>>>>> not
>>>>>>>> Apache, then you need to get Apache off port 80.
>>>>>>>> You can not have 2 programs listening to port 80.
>>>>>>>>
>>>>>>>> If Apache is running and owns port 80, Squid will not start.
>>>>>>>>
>>>>>>>> If this is the case, You likely have errors in the logs to this
>>>>>>>> effect.
>>>>>>>>
>>>>>>>> Shut down Apache and and restart Squid.
>>>>>>>>
>>>>>>>> Try to start Apache and now it should howl with anger (or log in
>>>>>>>> anger)
>>>>>>>> at not getting port 80.
>>>>>>>>
>>>>>>>>
>>>>>>>> Ron
>>>>>>>>
>>>>>>>> Adam_at_Gmail wrote:
>>>>>>>>> Hello All,
>>>>>>>>>
>>>>>>>>> I have followed this configuration, but when I try and access the
>>>>>>>>> website from outside my network
>>>>>>>>> All I get is the default page of the apache on the machine where
>>>>>>>>> the
>>>>>>>>> Squid proxy is installed
>>>>>>>>>
>>>>>>>>> Here is the link:
>>>>>>>>>
>>>>>>>>> http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
>>>>>>>>>
>>>>>>>>> here is the configuration I followed
>>>>>>>>>
>>>>>>>>> http_port 80 accel defaultsite=your.main.website.name(changed my
>>>>>>>>> port
>>>>>>>>> to 81 my backend server listens on port 81)I havehttp_port 81
>>>>>>>>> accel
>>>>>>>>> defaultsite=www.my.website.org vhostand then used thiscache_peer
>>>>>>>>> ip.of.webserver parent 80 0 no-query originserver
>>>>>>>>> name=myAccelcache_peer 192.168.1.5 parent 81 0 no query
>>>>>>>>> originserver
>>>>>>>>> name=myAccel(myAccel I have put a name)and then acl our_sites
>>>>>>>>> dstdomain my.website.org
>>>>>>>>> http_access allow our_sites
>>>>>>>>> cache_peer_access myAccel allow our_sites
>>>>>>>>> cache_peer_access myAccel deny all Anybody with any suggestions
>>>>>>>>> please?Any help would be appreciated thank youRegardsAdam
>>>>>>>>>
>>>>>>>
>>>>>>> Sorry, took me a while to un-mangle that original email text.
>>>>>>>
>>>>>>> You are missing the "vhost" option on https_port 80. All traffic
>>>>>>> Squid
>>>>>>> receives on port 80 will go to Apache's default virtual host.
>>>>>>>
>>>>>>> Amos
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>
>>
>
Received on Fri Mar 26 2010 - 21:08:18 MDT