Re: [squid-users] forward loop

From: Pieter De Wit <pieter_at_insync.za.net>
Date: Sat, 04 Feb 2012 21:37:05 +1300

Hi,

Do you have a proxy set in the client to 192.168.40.2 port 3128 ? If so,
that is your problem. Also, check if the re-direction rule (on your
firewall) is excluding the outbound connection made by squid.

You could be ending up with the squid server's port 80 connection
getting looped back to itself.

What is doing the redirection ? If it is iptables, can you paste the
relevant sections of iptables ?

Cheers,

Pieter

On 4/02/2012 20:02, Mustafa Raji wrote:
> hi Pieter
> this is my configuration file,
>
> #define access list for network
> acl my_network src 192.168.12.0/24
> acl my_network src 192.168.7.0/24
> acl my_network src 192.168.40.0/24
> acl my_network src 10.10.10.0/24
>
> #allow http access for the network
> http_access allow my_network
>
> #squid default acl configuration
> acl all src all
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny all
> http_port 3128 intercept
> http_port 8080
>
> #cache configuration
> #define core dump directory
> visible_hostname squidtest
> coredump_dir /var/coredump
>
> #define cache replacement policy
> memory_replacement_policy heap GDSF
> cache_replacement_policy heap LFUDA
>
> #define cache memory
> cache_mem 512 MB
>
> #define squid log files
> access_log /var/log/squid3/access.log
> emulate_httpd_log off
> cache_store_log none
>
> #include /etc/squid3/refresh.conf
> cache_log /var/log/squid3/cache.log
>
> #define cache direcotry
> cache_dir aufs /var/squid/aufs1 5000 16 256
> cache_dir aufs /var/squid/aufs2 5000 16 256
> cache_dir aufs /var/squid/aufs3 5000 16 256
>
>
> maximum_object_size 512 MB
>
>
> ipcache_size 5120
>
> cache_swap_low 85
> cache_swap_high 95
>
> cache_mgr mustafa.raji_at_yahoo.com
> cachemgr_passwd xxxxx all
>
> thank you with my best regards
>
>
> --- On Thu, 2/2/12, Pieter De Wit<pieter_at_insync.za.net> wrote:
>
>> From: Pieter De Wit<pieter_at_insync.za.net>
>> Subject: Re: [squid-users] forward loop
>> To: squid-users_at_squid-cache.org
>> Date: Thursday, February 2, 2012, 10:08 AM
>> Hi Mustafa,
>>
>> Can you please post your squid.conf ? (Remove all comments
>> and passwords
>> etc)
>>
>> Cheers,
>>
>> Pieter
>>
>> On 2/02/2012 23:04, Mustafa Raji wrote:
>>> hi
>>> please i have a forward loop warning in my cache.log
>> what is the cause of it
>>> i check the internet and find the cause is using peer
>> squid configuration and the two cache server has the same
>> visible_hostname but i never used the peer in my
>> configuration i have one cache server with intercept
>> configuration please can you tell me what is causes to the
>> cache forward loop the warning message is from cache.log
>>> 2012/02/02 12:02:23| WARNING: Forwarding loop detected
>> for:
>>> POST
>> /2.0/blugro2relay.groove.microsoft.com/n7hngumkwg46fvvc2zuwzzcd6y43i3da4bnpuss,ConnType=KeepAlive
>> HTTP/1.1
>>> Accept: */*
>>> Content-Type: application/octet-stream
>>> User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Win32)
>>> UserAgent: blugro2relay.groove.microsoft.com
>>> Content-Length: 22
>>> Pragma: no-cache
>>> Expires: 0
>>> Host: 192.168.40.2:3128
>>> Via: 1.0 squidtest (squid/3.1.11), 1.1 squidtest
>> (squid/3.1.11), 1.1 squidtest (squid/3.1.11)
>>> X-Forwarded-For: 192.168.40.1, 192.168.40.2,
>> 192.168.40.2
>>> Cache-Control: no-cache, max-age=0
>>> Connection: keep-alive
>>>
>>> and this error continues to appear with increasing the
>> values of via and x-forward-for
>>> my access.log file show this information at the same
>> time of the loop
>>> the ip 192.168.40.2 is the CacheServer ip
>>>
>>> Thu Feb 2 12:02:23 2012 0
>> 192.168.40.1 TCP_IMS_HIT/304 287 GET http://crl.microsoft.com/pki/crl/products/WinPCA.crl -
>> NONE/- application/pkix-crl
>>> Thu Feb 2 12:02:24 2012 898
>> 192.168.40.1 TCP_MISS/400 237 POST http://65.55.122.232/ - DIRECT/65.55.122.232 -
>>> Thu Feb 2 12:02:24 2012 8
>> 192.168.40.2 NONE/400 69168 NONE error:request-too-large -
>> NONE/- text/html
>>> Thu Feb 2 12:02:24 2012
>> 19 192.168.40.2 TCP_MISS/400 69275 POST http://192.168.40.2:3128/2.0/blugro2relay.groove.microsoft.com/n7hngumkwg46fvvc2zuwzzcd6y43i3da4bn$
>>> Thu Feb 2 12:02:24 2012
>> 23 192.168.40.2 TCP_MISS/400 69377 POST http://192.168.40.2:3128/2.0/blugro2relay.groove.microsoft.com/n7hngumkwg46fvvc2zuwzzcd6y43i3da4bn$
>>> Thu Feb 2 12:02:24 2012
>> 26 192.168.40.2 TCP_MISS/400 69479 POST http://192.168.40.2:3128/2.0/blugro2relay.groove.microsoft.com/n7hngumkwg46fvvc2zuwzzcd6y43i3da4bn$
>>> Thu Feb 2 12:02:24 2012
>> 30 192.168.40.2 TCP_MISS/400 69581 POST http://192.168.40.2:3128/2.0/blugro2relay.groove.microsoft.com/n7hngumkwg46fvvc2zuwzzcd6y43i3da4bn$
>>> Thu Feb 2 12:02:24 2012
>> 34 192.168.40.2 TCP_MISS/400 69683 POST http://192.168.40.2:3128/2.0/blugro2relay.groove.microsoft.com/n7hngumkwg46fvvc2zuwzzcd6y43i3da4bn$
>>> Thu Feb 2 12:02:24 2012
>> 37 192.168.40.2 TCP_MISS/400 69785 POST http://192.168.40.2:3128/2.0/blugro2relay.groove.microsoft.com/n7hngumkwg46fvvc2zuwzzcd6y43i3da4bn$
>>> Thu Feb 2 12:02:24 2012
>> 41 192.168.40.2 TCP_MISS/400 69887 POST http://192.168.40.2:3128/2.0/blugro2relay.groove.microsoft.com/n7hngumkwg46fvvc2zuwzzcd6y43i3da4bn$
>>> Thu Feb 2 12:02:24 2012
>> 44 192.168.40.2 TCP_MISS/400 69989 POST http://192.168.40.2:3128/2.0/blugro2relay.groove.microsoft.com/n7hngumkwg46fvvc2zuwzzcd6y43i3da4bn$
>>> Thu Feb 2 12:02:24 2012
>> 48 192.168.40.2 TCP_MISS/400 70091 POST http://192.168.40.2:3128/2.0/blugro2relay.groove.microsoft.com/n7hngumkwg46fvvc2zuwzzcd6y43i3da4bn$
>>> Thu Feb 2 12:02:24 2012
>> 51 192.168.40.2 TCP_MISS/400 70193 POST http://192.168.40.2:3128/2.0/blugro2relay.groove.microsoft.com/n7hngumkwg46fvvc2zuwzzcd6y43i3da4bn$
>>> Thu Feb 2 12:02:24 2012
>> 55 192.168.40.2 TCP_MISS/400 70295 POST http://192.168.40.2:3128/2.0/blugro2relay.groove.microsoft.com/n7hngumkwg46fvvc2zuwzzcd6y43i3da4bn$
>>> Thu Feb 2 12:02:24 2012
>> 58 192.168.40.2 TCP_MISS/400 70397 POST http://192.168.40.2:3128/2.0/blugro2relay.groove.microsoft.com/n7hngumkwg46fvvc2zuwzzcd6y43i3da4bn$
>>>
>>>
>>> after that this status appear to me in cache.log
>>>
>>> 2012/02/02 12:02:33| statusIfComplete: Request not yet
>> fully sent "POST http://192.168.40.2:3128/2.0/blugro2relay.groove.microsoft.com/3m4dy9mseq7e9h39xecabcaqj24zjcgw4zts55s,ConnType=LongLived"
>>> and in 12:02:35 the server is return to work normally
>>>
>>> please can you help me in finding what is the cause of
>> this warning
>>
>>
Received on Sat Feb 04 2012 - 08:37:14 MST

This archive was generated by hypermail 2.2.0 : Sat Feb 04 2012 - 12:00:02 MST