On Mon, Apr 21, 2014 at 2:06 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 21/04/2014 6:56 p.m., Timur Irmatov wrote:
>> 2014/04/21 11:46:03.940 kid1| ctx: exit level 0
>> 2014/04/21 11:46:03.940 kid1| store.cc(1011) checkCachable:
>> StoreEntry::checkCachable: NO: not cachable
>>
>> So Squid considers servers reply uncacheable. Why?
>>
>
> Something (unknown) has marked it to be discarded before it finished
> arriving. There is no sign of the store lookup logics looking up an
> existing entry either.
> And ALL,6 trace (very big) will probaly be needed for that one.
After clearing a cache and enabling ALL,6 trace I have performed
several requests through my proxy.
Now in cache.log I do see a line "SECURITY ALERT: Host header forgery
detected". Indeed, guard.cdnmail.ru resolves to different IP addresses
sometimes.
What are my options now? Is it possible to disable host forgery detection?
Also, TrafficServer has on option to skip dns lookup and use remote IP
address from incoming client connection. Is it possible to do the
same? The idea is to skip double DNS lookup, one by client and one by
proxy server.
> There are two other obvious things to check.
>
> The first is that this request is arriving on the tproxy port and the
> domain name appears to be using different IPs in geographic based
> responses. Is the Squid box getting the same 217.69.139.110 destination
> as the client was contacting?
Yes, as I stated above.
> The second is the storeid helper. What is its output?
> debug option 84,9
Storeid helpers does not rewrite this request in any way (replies with ERR).
-- Timur IrmatovReceived on Mon Apr 21 2014 - 11:22:19 MDT
This archive was generated by hypermail 2.2.0 : Mon Apr 21 2014 - 12:00:06 MDT