Re: [squid-users] Local Squid to Reverse Squid to keyserver.ubuntu.com

From: Christopher H. Laco <claco_at_chrislaco.com>
Date: Sun, 7 Apr 2013 10:42:03 -0400

>> I'm not an http/proxy guru. What I think is happening is that the
>> local Squid proxy receives the X-Cache MISS from upstream, and simply
>> halts the response as if it were a peer.
>
>
> You say that BUT... the entire information about the failure consists of:
> "
>
> curl -v http://keyserver.ubuntu.com
>
> ...output here is the squid access denied error message page...
> "

My bad. Here's the failing request through 3.1.19:

curl -v http://keyserver.ubuntu.com
* About to connect() to proxy 10.10.10.10 port 3128 (#0)
* Trying 10.10.10.10... % Total % Received % Xferd Average
Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- --:--:--
--:--:-- 0connected
> GET http://keyserver.ubuntu.com HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: keyserver.ubuntu.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
* HTTP 1.0, assume close after body
< HTTP/1.0 403 Forbidden
< Server: squid/3.1.19
< Mime-Version: 1.0
< Date: Sun, 07 Apr 2013 14:24:54 GMT
< Content-Type: text/html
< Content-Length: 3408
< X-Squid-Error: ERR_ACCESS_DENIED 0
< Vary: Accept-Language
< Content-Language: en
< X-Cache-Lookup: MISS from localhost:11371
< X-Cache-Lookup: MISS from localhost:3128
< Via: 1.0 localhost (squid/3.1.19), 1.0 localhost (squid/3.1.19)
* HTTP/1.0 connection set to keep alive!
< Connection: keep-alive

and the trimmed down html returned from the local proxy:

</head><body id=ERR_ACCESS_DENIED>
<div id="titles">
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
</div>
<hr>

<div id="content">
<p>The following error was encountered while trying to retrieve the
URL: http://keyserver.ubuntu.com/</p>

<blockquote id="error">
<p><b>Access Denied.</b></p>
</blockquote>

<p>Access control configuration prevents your request from being
allowed at this time. Please contact your service provider if you feel
this is incorrect.</p>

<p>Your cache administrator is <a
href="mailto:webmaster?subject=CacheErrorInfo%20-%20ERR_ACCESS_DENIED&amp;body=CacheHost%3A%20localhost%0D%0AErrPage%3A%20ERR_ACCESS_DENIED%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Sun,%2007%20Apr%202013%2014%3A24%3A54%20GMT%0D%0A%0D%0AClientIP%3A%2076.244.155.139%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2F%20HTTP%2F1.1%0AUser-Agent%3A%20curl%2F7.22.0%20(x86_64-pc-linux-gnu)%20libcurl%2F7.22.0%20OpenSSL%2F1.0.1%20zlib%2F1.2.3.4%20libidn%2F1.23%20librtmp%2F2.3%0D%0AHost%3A%20keyserver.ubuntu.com%0D%0AAccept%3A%20*%2F*%0D%0AVia%3A%201.1%20localhost%20(squid%2F3.1.19)%0D%0AX-Forwarded-For%3A%2010.10.10.20%0D%0ACache-Control%3A%20max-age%3D259200%0D%0AConnection%3A%20keep-alive%0D%0A%0D%0A%0D%0A">webmaster</a>.</p>
<br>
</div>

<hr>
<div id="footer">
<p>Generated Sun, 07 Apr 2013 14:24:54 GMT by localhost (squid/3.1.19)</p>
<!-- ERR_ACCESS_DENIED -->
</div>
</body></html>

This is the stock squid.conf with the exception that I've added an acl
for my local 10.10. network to access it. (acl localnet src
10.0.0.0/8 + http_access allow localnet) and I've toggled
strip_query_terms off so I could see the full uri in the log.

I've also tried setting the last http_access deny all to allow all
with no effect.

Thanks!
-=Chris
Received on Sun Apr 07 2013 - 14:42:16 MDT
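
Added example, not part of the original post: the "webmaster" mailto link in a Squid error page like the one above carries a URL-encoded report (CacheHost, ClientIP and the request headers recorded in the page), and decoding it makes it easier to compare with the Via and X-Cache-Lookup response headers when more than one proxy is in the path. The function name `decode_error_report` and the sample page are constructed for illustration; the address 203.0.113.7 is a documentation-range placeholder.

```python
import re
from html import unescape
from urllib.parse import parse_qs

# Constructed sample shaped like the error page in the post (not the post's own data).
SAMPLE_HTML = (
    '<p>Your cache administrator is <a href="mailto:webmaster'
    '?subject=CacheErrorInfo%20-%20ERR_ACCESS_DENIED'
    '&amp;body=CacheHost%3A%20localhost%0D%0AErrPage%3A%20ERR_ACCESS_DENIED%0D%0A'
    'ClientIP%3A%20203.0.113.7%0D%0A%0D%0AHTTP%20Request%3A%0D%0A'
    'GET%20%2F%20HTTP%2F1.1%0AHost%3A%20keyserver.ubuntu.com%0D%0A'
    'Via%3A%201.1%20localhost%20(squid%2F3.1.19)%0D%0A'
    'X-Forwarded-For%3A%2010.10.10.20%0D%0A%0D%0A">webmaster</a>.</p>'
)

def decode_error_report(page_html):
    """Return the report embedded in a Squid error page's mailto link, or None."""
    match = re.search(r'href="(mailto:[^"]+)"', page_html)
    if not match:
        return None
    link = unescape(match.group(1))          # HTML entity &amp; becomes &
    if "?" not in link:
        return None
    params = parse_qs(link.split("?", 1)[1])  # percent-decoding happens here
    body = params.get("body", [""])[0]

    fields, request_line = {}, None
    for line in body.splitlines():            # handles both CRLF and bare LF
        if request_line is None and re.match(r"^[A-Z]+ \S+ HTTP/\d", line):
            request_line = line
        elif ": " in line:
            name, value = line.split(": ", 1)
            fields[name] = value
    return {
        "subject": params.get("subject", [""])[0],
        "request_line": request_line,
        "fields": fields,
    }

if __name__ == "__main__":
    report = decode_error_report(SAMPLE_HTML)
    print(report["subject"])
    print(report["request_line"])
    for name in ("CacheHost", "ClientIP", "Via", "X-Forwarded-For"):
        print(f"{name}: {report['fields'].get(name)}")
```
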
