On Mon, 4 Jul 2005, Matteo Villari wrote:
Hi. I'm trying to configure an hierarchy of accelerators but i falled a
forwarding loop. It happens when i turn on in a leaf
httpd_accel_uses_host_headers. Here is squid.conf of the leaf (with ip
192.168.11.208)
httpd_accel_uses_host_header makes Squid use the Host header as host name
when reconstructing the URL.
Without it it uses the httpd_accel_host value.
http_port 8180
htcp_port 0
cache_peer 192.168.11.233 parent 8180 3130
httpd_accel_single_host on
This combination strikes me as somewhat odd..
never_direct allow regione
Or maybe it does make sense?
regione will be sent to the parent.
other requests will be sent some to the parent, some directly depending on
what Squid thinks is best at the moment.
httpd_accel_host 192.168.11.224
httpd_accel_port 8180
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
There is no need for httpd_accel_* directives on the parent.. Requests
arriving here will be proxy requests, not web server requests.
When I try to get http://192.168.11.208:8180/jetspeed I expect the mail page
but all I have is an error of access denied. The reason is a forwarding loop
as seen in cache.log of the leaf cache:
2005/07/04 17:08:41| The request GET http://192.168.11.208:8180/jetspeed is
ALLOWED, because it matched 'all'
2005/07/04 17:08:41| WARNING: Forwarding loop detected for:
GET /jetspeed HTTP/1.0
User-Agent: Opera/7.54 (Windows NT 5.1; U) [it]
Host: 192.168.11.208:8180
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png,
image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: it, en
Accept-Charset: windows-1252, utf-8, utf-16, iso-8859-1;q=0.6, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Referer: http://192.168.11.208:8180/jetspeed
Pragma: no-cache
Via: 1.1 calamaro_due:3128 (squid/2.5.STABLE10-20050607), 1.0
calamaro_uno:3128 (squid/2.5.STABLE10-20050607)
X-Forwarded-For: 192.168.11.243, 192.168.11.208
Cache-Control: no-cache, max-age=86400
Connection: keep-alive
Makes sense. Your leaf proxy reconstructed the URL as
http://192.168.11.208:8180/jetspeed, which is itself, and your forwarding
rules does not tell it any specific instructions from where this should be
requested.
Try this:
* Set "never_direct allow all" on both proxies, denying Squid to forward a
request anywhere else than explicitly told from the config.
* On the leaf proxy, use cache_peer to the inner proxy. Also set
httpd_accel_host to your main site name (this will be used for HTTP/1.0
clients not sending a Host header).
* On the inner proxy, use cache_peer to the web server.
Regards
Henrik
