[squid-users] forwarding loop in hierarchy

From: Matteo Villari <[email protected]>
Date: Mon, 04 Jul 2005 17:22:43 +0200

Hi. I'm trying to configure an hierarchy of accelerators but i falled a
forwarding loop. It happens when i turn on in a leaf
httpd_accel_uses_host_headers. Here is squid.conf of the leaf (with ip
192.168.11.208)

http_port 8180
htcp_port 0
cache_peer 192.168.11.233 parent 8180 3130
#acl QUERY urlpath_r
#no_cache deny QUERY
cache_mem 64 MB
maximum_object_size_in_memory 256 KB
cache_dir aufs /usr/local/squid/cache 1024 1 256
debug_options ALL,1 33,2 28,9
auth_param basic children 5
auth_param basic realm Squid proxy
auth_param basic credentialsttl 2
auth_param basic casesensitive off
refresh_pattern . 15 100% 1440
acl all src 0.0.0.0/0.
acl manager proto cach
acl localhost src 127.
acl to_localhost dst 1
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 44
acl Safe_ports port 70
acl Safe_ports port 21
acl Safe_ports port 10
acl Safe_ports port 28
acl Safe_ports port 48
acl Safe_ports port 59
acl Safe_ports port 77
acl CONNECT method CONNECT
acl purge method PURGE
http_access allow manager localhost
http_access allow all
http_reply_access allow all
icp_access allow all
cache_effective_user villari
cache_effective_group villari
visible_hostname Villari2
unique_hostname calamaro_due
httpd_accel_host 192.168.11.224
httpd_accel_port 8180
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cachemgr_passwd xxxxx all
always_direct allow manager localhost
acl regione dst 192.168.11.224
never_direct allow regione
snmp_port 0
strip_query_terms off
vary_ignore_expire on

Here is the parent configuration (with ip 192.168.11.233)

http_port 3128
http_port 8180
http_port 8080
icp_port 3130
htcp_port 0
maximum_object_size 40960 KB
maximum_object_size_in_memory 1024 KB
cache_dir aufs /usr/local/squid/cache 1024 1 256
log_ip_on_direct off
log_mime_hdrs on
debug_options ALL,1 33,2 28,9
log_fqdn on
pinger_program /bin/ping
redirect_program /usr/local/squid/bin/squidGuard
acl session urlpath_regex jsessionid
redirector_access allow session
redirector_access deny !session
auth_param basic casesensitive off
refresh_pattern -i jp(e)g 1440 100% 1440 override-expire
override-lastmod ignore-reload
refresh_pattern -i psml 15 100% 1440 override-expire override-lastmod
refresh_pattern -i css 1440 100% 1440 override-expire override-lastmod
ignore-reload
refresh_pattern . 0 20% 4320
half_closed_clients off
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl purge method PURGE
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
http_access allow all
http_reply_access allow all
icp_access allow all
cache_mgr villari
cache_effective_user villari
cache_effective_group villari
unique_hostname calamaro_uno
httpd_accel_host 192.168.11.224
httpd_accel_port 8180
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cachemgr_passwd xxxxx all
query_icmp on
strip_query_terms off
relaxed_header_parser warn

When I try to get http://192.168.11.208:8180/jetspeed I expect the mail
page but all I have is an error of access denied. The reason is a
forwarding loop as seen in cache.log of the leaf cache:

2005/07/04 17:08:41| The request GET http://192.168.11.208:8180/jetspeed
is ALLOWED, because it matched 'all'
2005/07/04 17:08:41| WARNING: Forwarding loop detected for:
GET /jetspeed HTTP/1.0
User-Agent: Opera/7.54 (Windows NT 5.1; U) [it]
Host: 192.168.11.208:8180
Accept: text/html, application/xml;q=0.9, application/xhtml+xml,
image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: it, en
Accept-Charset: windows-1252, utf-8, utf-16, iso-8859-1;q=0.6, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Referer: http://192.168.11.208:8180/jetspeed
Pragma: no-cache
Via: 1.1 calamaro_due:3128 (squid/2.5.STABLE10-20050607), 1.0
calamaro_uno:3128 (squid/2.5.STABLE10-20050607)
X-Forwarded-For: 192.168.11.243, 192.168.11.208
Cache-Control: no-cache, max-age=86400
Connection: keep-alive

2005/07/04 17:08:41| aclCheckFast: list: 0x82290f0
2005/07/04 17:08:41| aclMatchAclList: checking all
2005/07/04 17:08:41| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2005/07/04 17:08:41| aclMatchIp: '192.168.11.243' found
2005/07/04 17:08:41| aclMatchAclList: returning 1
2005/07/04 17:08:41| aclCheckFast: list: 0x8228f88
2005/07/04 17:08:41| aclMatchAclList: checking all
2005/07/04 17:08:41| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2005/07/04 17:08:41| aclMatchIp: '192.168.11.243' found
2005/07/04 17:08:41| aclMatchAclList: returning 1
2005/07/04 17:08:41| The reply for GET
http://192.168.11.208:8180/jetspeed is ALLOWED, because it matched 'all'

The page has not Cache-Control Directives but the log says the
contrary.... It's something wrong in my configurations? I'm using
Squid-2.5Stable10-20050607 in both boxes. Thank you for your help,
Matteo Villari
Received on Mon Jul 04 2005 - 09:22:49 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT