Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

On 1/14/2013 1:48 PM, Leslie Jensen wrote:
>
> I've now upgraded squid to 3.2 and rewritten the firewall rule that
> resulted in a forwarding loop.
>
> Unfortunately I've got no access now and I can't see where I've made the
> error.
>
> The browser says squid is rejecting the requests:
> Access control configuration prevents your request from being allowed at
> this time.
>
>
> 1358162295.975 0 172.18.0.1 TCP_MISS/403 4052 GET
> http://www.skatteverket.se/ - HIER_NONE/- text/html
> 1358162295.976 11 172.18.0.102 TCP_MISS/403 4137 GET
> http://www.skatteverket.se/ - HIER_DIRECT/172.18.0.1 text/html
> 1358162296.110 0 172.18.0.1 TCP_MISS/403 4166 GET
> http://www.squid-cache.org/Artwork/SN.png - HIER_NONE/- text/html
> 1358162296.110 99 172.18.0.102 TCP_MISS/403 4251 GET
> http://www.squid-cache.org/Artwork/SN.png - HIER_DIRECT/172.18.0.1
> text/html
> 1358162296.219 0 172.18.0.1 TCP_MISS/403 4058 GET
> http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
> 1358162296.219 1 172.18.0.102 TCP_MISS/403 4143 GET
> http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html
> 1358162296.239 0 172.18.0.1 TCP_MISS/403 4090 GET
> http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
> 1358162296.240 1 172.18.0.102 TCP_MISS/403 4175 GET
> http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html
>

Look closly.. it's not squid.
if it was squid you would have seen TCP_DENIED.
you get a TCP_MISS which squid is ok with but a remote server DENIES you
with a 403 response.

I would say it looks pretty bad since every request seems to go into
squid from two IP addresses which is like a loop.. but one which squid
can not recognize from an unknown reason.

What have you done in the firewall to prevent the forwarding loop?

By the way did you tried to have a rule that allows all web requests
from the local machine of the proxy to not be intercepted?

Regards,
Eliezer
Received on Mon Jan 14 2013 - 15:05:57 MST