Re: [squid-users] No forward-proxy ports error in 3.3

From: Ahmed Talha Khan <auny87_at_gmail.com>
Date: Wed, 25 Apr 2012 17:50:04 +0500

Hey Amos,

I tried this patch
http://bugs.squid-cache.org/attachment.cgi?id=2660&action=diff

which you mentioned in the bug and it worked :)

This bug describes the case of "host header forgery" hang issue. I
think it relates to the DNS IP of the host name in the request not
matching the destination IP of the request. Correct me if i am wrong.
How could this scenario be occurring in my setup when i do not have
any forgery element inside.? What can cause this?. For me the problem
was occurring even for plain http links.

When would the fix get in now?

On Wed, Apr 25, 2012 at 2:43 PM, Ahmed Talha Khan <auny87_at_gmail.com> wrote:
> On Wed, Apr 25, 2012 at 2:26 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> On 25/04/2012 6:04 p.m., Ahmed Talha Khan wrote:
>>>
>>> Looking at the explanation you gave it seems that forward_proxy is not
>>> a necessary if my setup allows for it. My case is that of simple
>>> forward proxy. I do not have any proxy peers, nor am i accessing the
>>> cachemgr.cgi. So in the case of normal webpage requests e.g
>>> www.google.com none of these should come into play and my setup should
>>> work. Correct me if i am wrong.
>>>
>>> Lets say my squid is running on a machine 192.168.8.40 and i choose
>>> port 8080 as the proxy_forward port. Then i will configure it like
>>> this
>>>
>>> http_port 192.168.8.40:8080
>>>
>>> The error page that you mentioned, will that be transferred to the
>>> client via this port? If that is the case, then how is my client going
>>> to associate that as response for one of its requests. Lets say client
>>> is at 192.168.8.39. He makes a request for a page which is not
>>> accesible. Squid will return the error page to client via its 8080
>>> port?
>>
>>
>> The error message itself is transferred back as the response to a clients
>> request. It is embeded URLs inside the error response which use the forward
>> proxy port.
>>
>> Open a blocked website through the proxy and you will see what I mean. The
>> Squid icon in the top left of the page is served up by your 3.2+ proxy.
>>
>>
>>
>>>
>>> Actually i am getting confused by usage of this in 3.2/3.3 versus
>>> earlier version of 3.1. So bear with me if you can :)
>>>
>>> Coming back to my original problem of some webpages not opening for my
>>> 3.3 setup. Any suggestions? Some of the web pages are not opening and
>>> some are opening. Something weird is happening. e.g www.yahoo.com wont
>>> open,  but http://www.squid-cache.org/ will open. For the pages that
>>> donot open, the client sends a GET request to the resolved IP but
>>> there is no http response. I verified that on wireshark.
>>
>>
>> This sounds like http://bugs.squid-cache.org/show_bug.cgi?id=3528.
>
> So what do you propose i do? Try applying the patch the Guy has
> mentioned? Or the one you have mentioned. Mine is not the case of
> syn+ack getting stuck, neither is it the case of packet drop outside
> of squid. I verified these via wireshark. What could bet he fix?
>
>
>>
>> Amos
>
>
>
> --
> Regards,
> -Ahmed Talha Khan

-- 
Regards,
-Ahmed Talha Khan
Received on Wed Apr 25 2012 - 12:50:14 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 25 2012 - 12:00:03 MDT