Re: [squid-users] Problem with gpg server

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 11 Sep 2010 01:17:32 +1200

On 11/09/10 00:21, David Blaisonneau wrote:
>
> Hi !
>
> I am having trouble with my squid proxy: everything is ok, except
> fetching the gpg signature.
> My proxy is behind another proxy and everything should go to through it.
> But with this request the proxy wants to go directly to the web server.
>
> Can someone help me please ? I have burn all my neurones to solve this
> problem. Thanks a lot.
>
> The following request does not work:
>
> server1:~# gpg --keyserver pgpkeys.mit.edu --recv-keys C514AF8E4BA401C3
> gpg: requesting key 4BA401C3 from hkp server pgpkeys.mit.edu
> gpg: keyserver timed out
> gpg: keyserver receive failed: keyserver error
>
> The equivalent HTTP request is not working anymore:
>
> server1:~# wget
> 'http://pgpkeys.mit.edu:11371/pks/lookup?op=get&options=mr&search=0x4BA401C3'
>
> --2010-09-10 11:35:56--
> http://pgpkeys.mit.edu:11371/pks/lookup?op=get&options=mr&search=0x4BA401C3
> Resolving myway... 192.168.100.2
> Connecting to myway|192.168.100.2|:3128... connected.
> Proxy request sent, awaiting response... 504 Gateway Time-out
> 2010-09-10 11:38:55 ERROR 504: Gateway Time-out.
>
> Squid logs are:
>
> ==> /var/log/squid/access.log <==
> 1284122031.432 180023 192.168.100.11 TCP_MISS/504 1529 GET
> http://pgpkeys.mit.edu:11371/pks/lookup?op=get&options=mr&search=0x4BA401C3
> - DIRECT/18.9.60.141 text/html
>
> ==> /var/log/squid/store.log <==
> 1284122031.432 RELEASE -1 FFFFFFFF 2CC990F7B7B5BDA236B4C689AF96F7CE 504
> 1284122031 -1 1284122031 text/html 1160/1160 GET
> http://pgpkeys.mit.edu:11371/pks/lookup?op=get&options=mr&search=0x4BA401C3
>
> What makes me perplex is this result: without parameters the HTTP
> request is going out to the good way.
>
> server1:~# wget 'http://pgpkeys.mit.edu:11371
> --2010-09-10 13:51:48-- http://pgpkeys.mit.edu:11371/
> Resolving myway... 192.168.100.2
> Connecting to myway|192.168.100.2|:3128... connected.
> Proxy request sent, awaiting response... 200 OK
> Length: unspecified [text/html]
> Saving to: `index.html'
>
> [ <=> ] 1,995 --.-K/s in 0s
>
> 2010-09-10 13:51:53 (105 MB/s) - `index.html' saved [1995]
>
> Squid logs are:
>
> ==> /var/log/squid/access.log <==
> 1284121918.557 245 192.168.100.11 TCP_MISS/200 2300 GET
> http://pgpkeys.mit.edu:11371/ - FIRST_UP_PARENT/172.20.0.1 text/html
>
> ==> /var/log/squid/store.log <==
> 1284121918.557 RELEASE -1 FFFFFFFF 3828411FC0C814608C64548487002F2D 200
> 1284118339 -1 -1 text/html -1/1995 GET
> http://pgpkeys.mit.edu:11371/
>
> Here is my config:
> <snip>
>
> cache_peer 172.20.0.1 parent 80 0 proxy-only no-query
>
<snip>
>
> hierarchy_stoplist cgi-bin ?

hierarchy_stoplist is blocking any request with "?" or "cgi-bin" in the
URL from being passed to the peer.

Squid-2.6 and earlier sent some headers that broke downstream caching
passing dynamic stuff out to peers. If your squid is at least 2.7 or
later its safe enough to remove.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.8
   Beta testers wanted for 3.2.0.2
Received on Fri Sep 10 2010 - 13:17:40 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 10 2010 - 12:00:04 MDT