On 11/09/10 00:21, David Blaisonneau wrote:
Hi ! I am having trouble with my squid proxy: everything is ok, except fetching the gpg signature. My proxy is behind another proxy and everything should go to through it. But with this request the proxy wants to go directly to the web server. Can someone help me please ? I have burn all my neurones to solve this problem. Thanks a lot. The following request does not work: server1:~# gpg --keyserver pgpkeys.mit.edu --recv-keys C514AF8E4BA401C3 gpg: requesting key 4BA401C3 from hkp server pgpkeys.mit.edu gpg: keyserver timed out gpg: keyserver receive failed: keyserver error The equivalent HTTP request is not working anymore: server1:~# wget 'http://pgpkeys.mit.edu:11371/pks/lookup?op=get&options=mr&search=0x4BA401C3' --2010-09-10 11:35:56-- http://pgpkeys.mit.edu:11371/pks/lookup?op=get&options=mr&search=0x4BA401C3 Resolving myway... 192.168.100.2 Connecting to myway|192.168.100.2|:3128... connected. Proxy request sent, awaiting response... 504 Gateway Time-out 2010-09-10 11:38:55 ERROR 504: Gateway Time-out. Squid logs are: ==> /var/log/squid/access.log <== 1284122031.432 180023 192.168.100.11 TCP_MISS/504 1529 GET http://pgpkeys.mit.edu:11371/pks/lookup?op=get&options=mr&search=0x4BA401C3 - DIRECT/18.9.60.141 text/html ==> /var/log/squid/store.log <== 1284122031.432 RELEASE -1 FFFFFFFF 2CC990F7B7B5BDA236B4C689AF96F7CE 504 1284122031 -1 1284122031 text/html 1160/1160 GET http://pgpkeys.mit.edu:11371/pks/lookup?op=get&options=mr&search=0x4BA401C3 What makes me perplex is this result: without parameters the HTTP request is going out to the good way. server1:~# wget 'http://pgpkeys.mit.edu:11371 --2010-09-10 13:51:48-- http://pgpkeys.mit.edu:11371/ Resolving myway... 192.168.100.2 Connecting to myway|192.168.100.2|:3128... connected. Proxy request sent, awaiting response... 200 OK Length: unspecified [text/html] Saving to: `index.html' [ <=> ] 1,995 --.-K/s in 0s 2010-09-10 13:51:53 (105 MB/s) - `index.html' saved [1995] Squid logs are: ==> /var/log/squid/access.log <== 1284121918.557 245 192.168.100.11 TCP_MISS/200 2300 GET http://pgpkeys.mit.edu:11371/ - FIRST_UP_PARENT/172.20.0.1 text/html ==> /var/log/squid/store.log <== 1284121918.557 RELEASE -1 FFFFFFFF 3828411FC0C814608C64548487002F2D 200 1284118339 -1 -1 text/html -1/1995 GET http://pgpkeys.mit.edu:11371/ Here is my config: <snip> cache_peer 172.20.0.1 parent 80 0 proxy-only no-query
<snip>
hierarchy_stoplist cgi-bin ?
hierarchy_stoplist is blocking any request with "?" or "cgi-bin" in the URL from being passed to the peer.
Squid-2.6 and earlier sent some headers that broke downstream caching passing dynamic stuff out to peers. If your squid is at least 2.7 or later its safe enough to remove.
Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.8 Beta testers wanted for 3.2.0.2