[squid-users] Forwarding loop detected

From: Edoardo COSTA SANSEVERINO <edoardo.costa_at_gmail.com>
Date: Tue, 29 Jun 2010 10:27:37 +0200

Hi all,

I'm getting the following error and I just can't figure out what I'm
doing wrong. It worked for a while but now i get the following error:

Browser error
-------------
ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://test.example.com/

The following error was encountered:

     * Access Denied.

       Access control configuration prevents your request from being
allowed at this time. Please contact your service provider if you feel
this is incorrect.

Your cache administrator is webmaster.
Generated Tue, 29 Jun 2010 08:01:45 GMT by localhost (squid/3.0.STABLE8)

Squid Error
-----------
2010/06/29 07:41:22.244| The request GET http://test.example.com/ is
ALLOWED, because it matched 'sites_server_web'
2010/06/29 07:41:22.244| WARNING: Forwarding loop detected for:
GET / HTTP/1.0
Host: test.example.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3)
Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: http://test.example.com/
Cookie: __utma=156214138.2072416337.1256440668.1263421087.1270454401.17;
SESS404422c7e13985ed9850bca1343102d6=e6b996d3bf323193fec6e785a3356d1c;
SESS4986f0d90a6abbc6006cc25a814fe1a8=1c1956864db4e7636f3e8b185b6dd6cc
Pragma: no-cache
Via: 1.1 localhost (squid/3.0.STABLE8)
X-Forwarded-For: 192.168.1.10
Cache-Control: no-cache, max-age=259200
Connection: keep-alive

2010/06/29 07:41:22.245| The reply for GET http://test.example.com/ is
ALLOWED, because it matched 'sites_server_web'

My current setup is as follows. I made the page request on the laptop
to [VMs1].

setup
-----

[VMs1]--[Server/Squid/DNS/FW 1]--{ Internet }---[Server/Squid/DNS/FW
2]-+--[VMs2]
                                                                                                                             |
                                                                                                                            +--[LAN]--[Laptop]

The following squid config is for [Server 1]

squid.conf
----------
https_port 91.185.133.180:443 accel cert=/etc/ssl/mail.example.com.crt
key=/etc/ssl/mail.example.com.pem defaultsite=mail.example.com vhost
protocol=https
http_port 91.185.133.180:80 accel defaultsite=test.example.com vhost

cache_peer 192.168.122.11 parent 443 0 no-query no-digest originserver
login=PASS ssl sslversion=3 sslflags=DONT_VERIFY_PEER front-end-https=on
name=server_mail
cache_peer 192.168.122.12 parent 80 0 no-query originserver login=PASS
name=server_web

acl sites_server_mail dstdomain mail.example.com
http_access allow sites_server_mail
cache_peer_access server_mail allow sites_server_mail
cache_peer_access server_mail deny all

acl sites_server_web dstdomain test.example.com test.foobar.eu
test1.example.com
http_access allow sites_server_web
cache_peer_access server_web allow sites_server_web
cache_peer_access server_web deny all

forwarded_for on

cache_store_log none
debug_options ALL,2

The following config is for [Server 2]

squid.conf
----------
https_port 192.168.1.3:443 accel
cert=/etc/ssl/certs/deb03.example.com.crt
key=/etc/ssl/private/deb03.example.com.pem defaultsite=deb03.example.com
vhost protocol=https
http_port 192.168.1.1:80 accel defaultsite=deb02.example.com vhost
http_port 192.168.1.1:80 accel defaultsite=oldwww.example.com vhost

cache_peer 192.168.122.3 parent 443 0 no-query originserver login=PASS
ssl sslversion=3 sslflags=DONT_VERIFY_PEER front-end-https=on name=srv03
cache_peer 192.168.122.2 parent 80 0 no-query originserver name=srv02
cache_peer 192.168.122.11 parent 80 0 no-query originserver name=srv01

acl https proto https
acl sites_srv01 dstdomain oldwww.example.com
acl sites_srv03 dstdomain deb03.example.com
acl sites_srv02 dstdomain deb02.example.com second.example.com

http_access allow sites_srv01
http_access allow sites_srv03
http_access allow sites_srv02
cache_peer_access srv01 allow sites_srv01
cache_peer_access srv03 allow sites_srv03
cache_peer_access srv02 allow sites_srv02

forwarded_for on

### Transparent proxy
http_port 192.168.1.1:3128 transparent
acl lan_network src 192.168.1.0/24
acl localnet src 127.0.0.1/255.255.255.255
http_access allow lan_network
http_access allow localnet

cache_dir ufs /var/spool/squid3 1500 16 256
###

#cache_store_log none
debug_options ALL,2

I simply can't see where the loop is. Could someone explain this to me
or point me to the right documentation. I had a look arround but found
no relevant answer.

Many thanks!
  -Ed
Received on Tue Jun 29 2010 - 08:27:54 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 29 2010 - 12:00:03 MDT