Hello again here few updates of my cache.log and access.log
Can anybody translat to me what does that mean, I have changed my real site
to "mysite"
Thank you all
I tried www.mysite.org from a local machine which is 192.168.1.1
remember the router is actually on 192.168.1.4 which is also the Squid
machine.
########################################################################
cache log report
***********************************************************************
2010/03/26 20:41:24| WARNING: Forwarding loop detected for:
GET /favicon.ico HTTP/1.0
Host: www.mysite.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.18)
Gecko/2010021501 Ubuntu/8.04 (hardy) Firefox/3.0.18
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Via: 1.1 proxy (squid/3.0.STABLE25)
X-Forwarded-For: 192.168.1.1
Cache-Control: max-age=259200
Connection: keep-alive
2010/03/26 20:47:02| WARNING: Forwarding loop detected for:
GET / HTTP/1.0
Host: www.mysite.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.18)
Gecko/2010021501 Ubuntu/8.04 (hardy) Firefox/3.0.18
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.mysite.org
Via: 1.1 proxy (squid/3.0.STABLE25)
X-Forwarded-For: 192.168.1.1
Cache-Control: max-age=259200
Connection: keep-alive
##########################################################################
acces.log
********************************************************************
1269636041.546 157 192.168.1.1 TCP_MISS/200 5178 GET
http://www.google.com/ - DIRECT/66.102.9.104 text/html
1269636041.727 163 192.168.1.1 TCP_MISS/200 9340 GET
http://www.google.com/intl/fr_ALL/images/logo.gif - DIRECT/66.102.9.104
image/gif
1269636042.006 168 192.168.1.1 TCP_MISS/200 21210 GET
http://www.google.com/extern_js/f/CgJmciswCjheQB0sKzAOOAwsKzAWOBcsKzAXOAYsKzAYOAUsKzAZOBksKzAdOCUsKzAlOMqIASwrMCY4CSwrMCc4BCwrMCo4AywrMCs4CiwrMDw4AiwrMEA4DSwrMEQ4AiwrMEU4ASwrME44ASw/BYTXK9Z1bX4.js -
DIRECT/66.102.9.104 text/javascript
1269636042.099 59 192.168.1.1 TCP_MISS/200 4144 GET
http://www.google.com/extern_chrome/1ae1d100aea24288.js -
DIRECT/66.102.9.104 text/html
1269636042.164 113 192.168.1.1 TCP_MISS/204 239 GET
http://clients1.google.com/generate_204 - DIRECT/209.85.227.101 text/html
1269636042.212 42 192.168.1.1 TCP_MISS/200 6059 GET
http://www.google.com/images/nav_logo8.png - DIRECT/66.102.9.104 image/png
1269636042.298 127 192.168.1.1 TCP_MISS/204 329 GET
http://www.google.com/csi? - DIRECT/66.102.9.105 text/html
1269636054.744 0 192.168.1.1 TCP_HIT/200 456 GET http://192.168.1.3/ -
NONE/- text/html
1269636054.865 6 192.168.1.1 TCP_MISS/404 665 GET
http://192.168.1.3/favicon.ico - DIRECT/192.168.1.3 text/html
1269636057.864 0 192.168.1.1 TCP_NEGATIVE_HIT/404 674 GET
http://192.168.1.3/favicon.ico - NONE/- text/html
1269636084.636 1 81.98.104.57 TCP_MISS/403 2263 GET
http://www.mysite.org/ - NONE/- text/html
1269636084.637 92 192.168.1.1 TCP_MISS/403 2327 GET
http://www.mysite.org/ - FIRST_UP_PARENT/main text/html
1269636084.667 1 81.98.104.57 TCP_MISS/403 2264 GET
http://www.mysite.org/favicon.ico - NONE/- text/html
1269636084.668 2 192.168.1.1 TCP_MISS/403 2328 GET
http://www.mysite.org/favicon.ico - FIRST_UP_PARENT/main text/html
1269636087.667 0 192.168.1.1 TCP_NEGATIVE_HIT/403 2335 GET
http://www.mysite.org/favicon.ico - NONE/- text/html
1269636098.347 0 192.168.1.1 TCP_NEGATIVE_HIT/403 2335 GET
http://www.mysite.org/ - NONE/- text/html
1269636422.015 1 81.98.104.57 TCP_MISS/403 2319 GET
http://www.mysite.org/ - NONE/- text/html
1269636422.016 105 192.168.1.1 TCP_MISS/403 2383 GET
http://www.mysite.org/ - FIRST_UP_PARENT/main text/html
Your time and help will be much appreciated
Thanking you in advance
Regards
Adam
----- Original Message -----
From: "Ron Wheeler" <rwheeler@xxxxxxxxxxxxxxxxxxxxx>
To: "Adam@Gmail" <adbasque@xxxxxxxxxxxxxx>
Sent: Friday, March 26, 2010 5:14 PM
Subject: Re: Help with accelerated site
There are 2 uses for Squid:
1) to act as a proxy for browsers inside your network that want to get out
to the Internet and you want to avoid 2 people downloading the same big
file by having squid remember pages that it sees go by and giving the
second requester the copy that is already in cache on its disk. In this
case it is usually watching on port 3128 on the NIC attached to your
internal LAN for requests that should be sent out on the public address.
2) To act as an accelerator for people outside who want pages from your
web server. In this case it is watching for requests coming in on port 80
on the NIC that carries the public address and cheching to see if the page
that they are requesting is in its cache and if it is, it responds to the
request without bothering the webserver.
Note in Case 2, it is not doing anything for your people on the inside
since they do NOT come in through the ethernet interface that Squid is
watching.
You have to be clear in your configuring and testing that you are testing
with the right connections.
If you are testing case 2, you need to be outside your network to test.
If you come into port 80 on the ethernet NIC that is part of your internal
LAN, your accelerator may not even see it.
Make sure that your firewall setup matches what you are trying to do.
If you have got everything set up for whichever case you are testing, you
might want to ask some of these questions to see what is happening.
What happens when you try to reference the proxy with a browser on port
80?
What is showing up in your squid log when you make the request?
What is showing up in your firewall log when you make the request?
What is showing up in the Apache log when you make the request?
Post some of these results when asking for help. The answer usually is in
the logs.
Ron
Adam@Gmail wrote:
Hi Al,
thanks for your reply, I don't acutally have a problem with the apache
because the webserver is on another machine as the backend server
switching off the apache running on the proxy machine doesn't bother me
what I am having a problem with is that it doesn't pull the website from
the backend server
and right now it won't even allow me access from the local network
I have commented out all of the deny accesses and yet it still won't
allow any machine on my local network to access the internet.
You can do both with Apache but the configurations and problems are very
different.
What exactly are you trying to do?
Try to get one working first and then go after the other.
That's what I found very strange.
My proxy server runs freely on a dedicated machine nothing else runs on
that machine.
Regards
Adam
----- Original Message ----- From: "Al - Image Hosting Services"
<azick@xxxxxxxxxxxxxxxxxxxx>
To: "Adam@Gmail" <adbasque@xxxxxxxxxxxxxx>
Cc: <squid-users@xxxxxxxxxxxxxxx>
Sent: Friday, March 26, 2010 1:24 AM
Subject: Re: Help with accelerated site
Hi,
Although you can't have apache and squid listening on port 80 on the
same IP, you can have them both running on port 80 on the same machine.
Just do this:
Change your apache config to:
"Listen 127.0.0.1:80"
Change your squid config to:
"cache_peer 127.0.0.1 parent 80 0 no-query originserver" "http_port
1.2.3.4:80 accel vhost"
Where 1.2.3.4 is, put your public IP.
-Al
On Thu, 25 Mar 2010, Adam@Gmail wrote:
Date: Thu, 25 Mar 2010 16:30:33 -0000
From: "Adam@Gmail" <adbasque@xxxxxxxxxxxxxx>
To: Ron Wheeler <rwheeler@xxxxxxxxxxxxxxxxxxxxx>
Cc: Amos Jeffries <squid3@xxxxxxxxxxxxx>, squid-users@xxxxxxxxxxxxxxx
Subject: Re: Help with accelerated site
Hi All,
Thank you guys for your help
I have tried your suggestions,
Yes Ron I know that two programmes can't both listen on the same port
at the same time
but I thought the Apache was essential for the Proxy server, so thanks
for the suggestion,
I am including bits of my config here, because now I am getting "Access
Denied" even from a local network:
Can you guys please take a look at it and see if you can spot what's
causing the access denied.
note I have tried to allow everything and removed all the "deny"
directives and yet it's still denies any access from my local network.
That is why I get so confused with Squid, I don't understand it's logic
to be perfectly honest, and let me remind you that this config used to
work just fine at least it used to allow access to the internet to all
the clients on my local network.
#############################
# Other Access Controls
#############################
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl our_networks dst 192.168.1.0/32
acl our_sites dstdomain www.mysite.org
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
# acl localnet src 192.168.0.0/32 # RFC1918 possible internal network
acl localnet src 192.168.1.0/32 #Local Network
acl myaccelport port 80
# acl FTP proto FTP
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
#http_access deny manager
# http_access deny !Safe_ports
http_access allow localnet
#http_access deny all
# http_access allow intranet
# http_access deny all
http_access allow our_networks
icp_access allow localnet
#icp_access deny all
htcp_access allow localnet
#htcp_access deny all
http_acceess allow CONNECT
#http_access deny all
hosts_file /etc/hosts
visible_hostname proxy
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_effective_user squid
access_log /usr/local/squid/var/logs/access.log squid
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
pid_filename /usr/local/squid/var/logs/squid.pid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
icp_port 3130
htcp_port 4827
# allow_underscore on
coredump_dir /usr/local/squid/var/cache
Can anyone see what's wrong with this config and if possible to point
it out to me, your help would be much appreciated
Thanking you in advance
Regards
Adam
----- Original Message ----- From: "Ron Wheeler"
<rwheeler@xxxxxxxxxxxxxxxxxxxxx>
To: "Adam@Gmail" <adbasque@xxxxxxxxxxxxxx>
Cc: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>;
<squid-users@xxxxxxxxxxxxxxx>
Sent: Thursday, March 25, 2010 1:58 AM
Subject: Re: Help with accelerated site
Adam@Gmail wrote:
Hello there,
Thanks for the reply Ron and Amos
Maybe my original e-mail wasn't clear a bit confusing I am sorry if I
confused you
I have squid running on Machine A with let's say local ip 192.168.1.4
the backend server is running on machine B and ip address 192.168.1.3
Now, instead of getting the website that is located on Machine B
192.168.1.3 which is listening on port 81 not 80.
I am getting the default Apache Page on the Proxy server Machine
which is 192.168.1.4
And I do have the vhost in my configuration
Well there are two apaches running on the two machines, the proxy
machine and the web-server machine, except the web-server apache
listens on port 81, logically (technically) speaking it should work,
but for some reason it doesn't.
I hope it makes more sense to you what I am trying to describe here
Very helpful.
You can not have apache listening for port 80 on 192.168.1.4 and Squid
trying to do the same thing.
Only one process can have port 80.
You will very likely find a note in the squid logs that says something
to the effect that squid can not bind to port 80.
If you shutdown apache on 192.168.1.4 and restart squid, your proxy
will work (if the rest of the configuration is correct)
If you then try to start apache on 192.168.1.4 it will certainly
complain loudly about port 80 not being free.
If you want to use Apache on both 192.168.1.4 and 192.168.1.3 you need
to set the apache on 192.168.1.4 to listen on port 81 and set squid to
proxy to the apache on 192.168.1.4 and use apache's proxy and vhost
features to reach 192.168.1.5 which can be set to listen on port 80.
This will support
browser=>Squid on 192.168.1.4 ==> Apache on 192.168.1.4:81 (vhost)
==>Apache 192.168.1.3:80
That is a pretty common approach.
Ron
Thank you all for your help
Regards
Adam
----- Original Message ----- From: "Amos Jeffries"
<squid3@xxxxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Thursday, March 25, 2010 1:01 AM
Subject: Re: Help with accelerated site
On Wed, 24 Mar 2010 19:48:27 -0400, Ron Wheeler
<rwheeler@xxxxxxxxxxxxxxxxxxxxx> wrote:
What is squid proxying?
Usually the normal behaviour is exactly what you are getting since
squid
normally proxies Apache on 80.
Browser ==> Squid on 80==>proxied to Apache on port 81.
If Squid is not proxying Apache, then it looks like you have Apache
running on 80.
If you are trying to redirect port 80 to another program that is
not
Apache, then you need to get Apache off port 80.
You can not have 2 programs listening to port 80.
If Apache is running and owns port 80, Squid will not start.
If this is the case, You likely have errors in the logs to this
effect.
Shut down Apache and and restart Squid.
Try to start Apache and now it should howl with anger (or log in
anger)
at not getting port 80.
Ron
Adam@Gmail wrote:
Hello All,
I have followed this configuration, but when I try and access the
website from outside my network
All I get is the default page of the apache on the machine where
the
Squid proxy is installed
Here is the link:
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
here is the configuration I followed
http_port 80 accel defaultsite=your.main.website.name(changed my
port
to 81 my backend server listens on port 81)I havehttp_port 81
accel
defaultsite=www.my.website.org vhostand then used thiscache_peer
ip.of.webserver parent 80 0 no-query originserver
name=myAccelcache_peer 192.168.1.5 parent 81 0 no query
originserver
name=myAccel(myAccel I have put a name)and then acl our_sites
dstdomain my.website.org
http_access allow our_sites
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all Anybody with any suggestions
please?Any help would be appreciated thank youRegardsAdam
Sorry, took me a while to un-mangle that original email text.
You are missing the "vhost" option on https_port 80. All traffic
Squid
receives on port 80 will go to Apache's default virtual host.
Amos