The issue if was not understood was not about the localhost acl.. The issue was maybe another thing which is the global name of the proxy as localhost. And I think it's a server issue rather then squid issue. When I have tried with proxy v 3.1.20 it worked only when froward_for header was on. on 3.3.8 it worked for me like a charm with no problem at all in any stage. it might be an issue: 2013/09/23 07:06:05.957| parseHttpRequest: Request Header is Host: www.zrsr.sk User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ASP.NET_SessionId=k0xeysegazsgtq01a34a2gty Connection: keep-alive Pragma: no-cache Cache-Control: no-cache 2013/09/23 07:06:05.957| client_side.cc(2171) parseHttpRequest: repare absolute URL from HttpMsg::parse success (160 bytes) near 'HTTP/1.1 400 Bad Request Content-Type: text/html Server: Microsoft-IIS/8.0 X-Powered-By: ASP.NET Date: Mon, 23 Sep 2013 04:06:09 GMT Content-Length: 11 Bad Request' 2013/09/23 07:06:06.034| 0x7fa84362f200 joining for id 61 in squid 3.3.8 I get: 2013/09/23 07:09:05.966 kid1| http.cc(2205) sendRequest: HTTP Server REQUEST: --------- GET / HTTP/1.1 Host: www.zrsr.sk User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ASP.NET_SessionId=k0xeysegazsgtq01a34a2gty Cache-Control: max-age=259200 Connection: keep-alive ---------- --------- HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Mon, 23 Sep 2013 04:09:51 GMT Content-Length: 5103 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML lang="sk"> <HEAD> <title>ŽIVNOSTENSKÝ REGISTER SLOVENSKEJ REPUBLIKY</title> <meta content="Microsoft Visual Studio.NET 7.0" name="GENERATOR"> <meta content="Visual Basic 7.0" name="CODE_LANGUAGE"> <meta content="JavaScript" name="vs_defaultClientScript"> <meta content="http://schemas.microsoft.com/intellisense/ie5"; name="vs_targetSchema"> <LINK href="Styles.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form method="post" action="" id="Form1"> <div class="aspNetHidden"> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE0NTgwMDY1NDUPZBYCAgEPZBYOAgEPZBYCAgEPFgIeCWlubmVyaHRtbAUwxb1JVk5PU1RFTlNLJiMyMjE7IFJFR0lTVEVSIFNMT1ZFTlNLRUogUkVQVUJMSUtZZAIEDxYCHwAFEVZ5aMS+YWRhxaUgcG9kxL5hZAIGDw8WAh4EVGV4dAUEScSMT2RkAggPDxYCHwEFEG9iY2hvZG7DqWhvIG1lbmFkZAIKDw8WAh8BBSBwcmllenZpc2thIGEgbWVuYSBmeXppY2tlaiBvc29ieWRkAgwPDxYCHwEFFGFkcmVzeSBwcmV2w6Fkemthcm5lZGQCDg9kFg4CAQ8WAh4HVmlzaWJsZWgWCgIBDxYCHwAFE1Z5aMS+YWRhxaUgcG9kxL5hIDpkAgMPDxYCHwEFBEnEjE9kZAIFDw8WAh8BBRBvYmNob2Ruw6lobyBtZW5hZGQCBw8PFgIfAQUg ---------- So I assume an upgrade to 3.3.8 should do the trick since 3.1.20 wont get a major update?? or it's another issue? Eliezer On 09/20/2013 09:27 AM, Mgr. Peter Tuharsky wrote: > Thank You for Your reply. I have identified a name resolving issue so far. > > I'm not sure however, what should be in acl localhost src and acl > localnet src. > > Peter > > Dňa 20.09.2013 05:09, Amos Jeffries wrote / napísal(a): >> On 17/09/2013 6:24 p.m., Mgr. Peter Tuharsky wrote: >>> .Via: */ >>> 0x31, 0x2e, 0x30, 0x20, 0x6c, 0x6f, 0x63, 0x61, /* 1.0 loca */ >>> 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x20, 0x28, 0x73, /* lhost >> >> Your Squid is for some reason identifying its *public* domain name as >> "localhost". >> >> This has bitten a few people when their proxy tried to interact with a >> second proxy (upstream or downstream) whch also identified its public >> FQDN the same way. >> What you need is to setup the machine the proxy is running on such that >> hostname produces a resolvable FQDN, and that name has preferrably both >> forward and reverse DNS (the latest Squid still check for rDNS but do >> not break if it differs). Also any IP addresses used in the >> http_port/https_port forward-proxy directive need to have rDNS pointing >> at a publicly resolvable FQDN. >> >> Amos
