Re: help needed on WCCP2 with squid 3.1.10


On Sun, 17 Apr 2011 23:21:44 +0600, AZHAR CHOWDHURY wrote:
Hi Amos,
OK, it was my fault that I posted before running in a real network with
WCCP. We are running Squid+tproxy under Policy Based routing without
any major trouble (pls see below the problems we are facing).
This week we will move squid from PBR to WCCP. The mentioned example is
based on vlan dot1q; let me dig with Cisco and I will raise it if I face any
problem.

1. If we run squid with default conf file, we got cache host name in
"www.whatismyip.com", to avoid that we added following in squid.conf
file:
forwarded_for off

I think "forwarded_for" should be enough.

Possibly also "via off". Though that is not usually required for hotmail (may have changed, the last good analysis was a year or so ago).

<snip>

Now, there is no cache/squid host name in "whatismyip.com", but in
hotmail/live.com's email service inbox no message opens; it shows
an error that another IP is accessing the same page.

Does it say which one? Are you absolutely certain that TPROXY is working? (this error will appear when WCCP is active but TPROXY fails).

I guess we need to add another "request_header_access" rule, any clue on it? Is "http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html" the final
list of all HEADER LIST?

Hotmail with WCCP pretty much requires TPROXY to be working.

Alternatively if your client machine is a Windows box using IPv6 to talk to Squid-3.1. Windows will by default choose to use "privacy" IPs which rotate through time-based cryptographic hashes embedded in the IP address. As often as every 15 minutes, not retaining one for more than 90 minutes at a stretch. That will show up in the X-Forwarded-For. Setting "forwarded_for transparent" will prevent the proxy IP being inserted. Setting "forwarded_for delete" will erase the header entirely and prevent the "privacy" address from breaking the hotmail-end checks.


Other things to check:
* Check that "balance_on_multiple_ip" is turned OFF in squid.conf. In 3.1 this is the default, but you may have an older config from when it was default to being in the file and set on. What that does is make Squid send each request to a different remote server hosting the website. Hotmail requires all traffic to arrive at consistent receiving servers. They appear not to care if HTTPS and HTTP go to different ones, but it has to be consistently going to the same place.


2. What is a safe filedescriptors value I should use?


Depends on you and your OS. Anything below 16 million appears safe on Linux.

Amos
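
An added example, not part of the original message and not Squid project code: a small Python check that reads a squid.conf and lists the three directives discussed above ("forwarded_for", "via", "balance_on_multiple_ip") when their effective value differs from what the reply suggests. It assumes the last occurrence of a directive wins and that "forwarded_for" and "via" default to on; the function names and the sample config are constructed for illustration.

```python
# Added example: audit the squid.conf directives discussed in this thread.
# Assumptions: last occurrence of a directive wins; forwarded_for and via
# default to "on"; balance_on_multiple_ip defaults to "off" (3.1, per the reply).
DEFAULTS = {"forwarded_for": "on", "via": "on", "balance_on_multiple_ip": "off"}

# Values that match the advice in the reply ("via off" is only a "possibly").
ACCEPTABLE = {
    "forwarded_for": {"off", "transparent", "delete"},
    "via": {"off"},
    "balance_on_multiple_ip": {"off"},
}


def effective_settings(conf_text):
    """Return the effective value of each tracked directive."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(parts) >= 2 and parts[0] in settings:
            settings[parts[0]] = parts[1].lower()
    return settings


def audit(conf_text):
    """List (directive, value) pairs that differ from the thread's advice."""
    current = effective_settings(conf_text)
    return [(name, current[name]) for name in ACCEPTABLE
            if current[name] not in ACCEPTABLE[name]]


# Constructed sample config, not taken from the thread.
SAMPLE_CONF = """\
http_port 3129 tproxy
forwarded_for on
forwarded_for off        # later line overrides the earlier one
balance_on_multiple_ip on
"""

if __name__ == "__main__":
    for name, value in audit(SAMPLE_CONF):
        print(f"review: {name} is effectively '{value}'")
```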


