reverse proxy - sporadic TCP_MISS/403

Hi everyone,

I have a problem with my reverse proxy running Squid 3.0.STABLE19 in the following scenario:

I give customers access to one of our internal web-applications running tomcat on port 8080 (unencrypted).
The customer accesses the reverse proxy on port 443 (certificates are in place).

When a customer accesses the reverse proxy for the first time he receives:

	Forwarding Denied
	This cache will not forward your request because it is trying to enforce a sibling relationship.  Perhaps the client at xyz.xyz.xyz.xyz (THE CUSTOMERS IP!) is a cache which has been misconfigured.

The access.log of the server contains the following message:
	1254302414.527      1 xyz.xyz.xyz.xyz TCP_MISS/403 2347 GET https://customer.mycompany.com/ - NONE/- text/html

When the customer does a browser refresh, the login page appears and he can work without any further error messages.

My squid.conf contains the following entries:
	cache_mgr info@xxxxxxxxxxxxx
	access_log /var/log/squid/access.log squid
	
	acl manager proto cache_object
	acl localhost src 127.0.0.1/32
	acl to_localhost dst 127.0.0.0/8
	
	acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
	acl externalnet src all
	
	acl SSL_ports port 443
	acl Safe_ports port 443
	acl CONNECT method CONNECT
	
	http_access deny !Safe_ports
	http_access deny CONNECT !SSL_ports
	
	http_access allow externalnet
	
	http_access deny all
	icp_access deny all
	htcp_access deny all
	
	https_port 443 cert=/etc/ssl/reverse_proxy/customer.mycompany.com.cert key=/etc/ssl/reverse_proxy/customer.mycompany.com.key defaultsite=customer.mycompany.com options=NO_SSLv2 accel
	cache_peer 192.168.1.50 parent 8080 0 no-query originserver name=tomcatapplication # 192.168.1.50 is the internal IP of the tomcat web application
	acl reverse_tomcatapplication dst customer.mycompany.com
	http_access allow reverse_tomcatapplication
	cache_peer_access tomcatapplication allow reverse_tomcatapplication
	cache_peer_access tomcatapplication deny all
	http_access allow all
	miss_access allow reverse_tomcatapplication
	miss_access deny all
	http_access deny all

This error has existed ever since I first installed the reverse proxy. It was no problem when few customers accessed the system. Since this number will increase a lot in the near future, I have to fix this.

Thanks in advance for your help

Michael
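
Added example, not part of the original post and not Squid code: a small Python audit of the http_access and miss_access lines posted above. It applies Squid's first-match rule ordering to list rules that can never be reached, and it marks reachable rules that use a dst ACL, which matches on a resolved IP address rather than on the hostname. The function name audit and the finding strings are made up for this illustration.

```python
# Added example (not Squid code): first-match audit of the posted access lists.
# Access-control lines copied from the squid.conf in the post.
POSTED_CONF = """\
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl externalnet src all
acl SSL_ports port 443
acl Safe_ports port 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow externalnet
http_access deny all
acl reverse_tomcatapplication dst customer.mycompany.com
http_access allow reverse_tomcatapplication
http_access allow all
miss_access allow reverse_tomcatapplication
miss_access deny all
http_access deny all
"""

CHECKED = ("http_access", "miss_access")

def audit(conf):
    """Return findings as (directive, rule, reason) tuples."""
    acls = {"all": ("src", ["all"])}  # 'all' is predefined in Squid 3.0
    rules = {d: [] for d in CHECKED}
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif len(tok) >= 3 and tok[0] in CHECKED:
            rules[tok[0]].append((tok[1], tok[2:]))
    findings = []
    for directive, ordered in rules.items():
        catch_all = None
        for action, names in ordered:
            rule = " ".join([action] + names)
            if catch_all:  # an earlier rule already matches every request
                findings.append((directive, rule, "unreachable after '%s'" % catch_all))
                continue
            if any(acls.get(n.lstrip("!"), ("?",))[0] == "dst" for n in names):
                findings.append((directive, rule, "dst ACL depends on DNS resolution"))
            if all(acls.get(n) == ("src", ["all"]) for n in names):
                catch_all = rule
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED_CONF):
        print("%-12s %-36s %s" % finding)
```

On the posted configuration this reports every http_access line after "allow externalnet" as unreachable, and the miss_access allow rule as dependent on a dst ACL.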
