Hi Amos , thanks for all explanation. But the problem solved when I added the following directives to the tproxy server : ############################## forwarded_for off request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all request_header_access X-Forwarded-For deny all request_header_access Via deny all request_header_access All allow all ############################# Now everything is working fine with with me But one last thing I need. I need the tproxy server forward the packet with the original ip of the clients .... I mean I want to still keeping the tproxy function whereas now all cliewnts to to the peer with the ip of the tproxy server. I need each user go to the parent proxy with the original ip Can I do it with directive ? Again , here is the directive I put on the tproxy to go to to parent : cache_peer 77.221.104.97 parent 3127 0 no-query no-digest no-tproxy proxy-only thank you alot -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Wednesday, November 12, 2014 6:55 PM To: Ahmed Allzaeem; squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: cache peer problem with two squid one Tproxy --->normal Porxy -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 13/11/2014 7:39 p.m., Ahmed Allzaeem wrote: > Hi amos > > I have changed the both hostnames on two servers : > > [root@tproxy ~]# hostname tproxy.com > > > [root@parent ~]# hostname parent.com > > Good. > but , as I told u last time I can see traffic "miss" on the normal > proxy , and "miss" on the tproxy server. > > But it says access denied from normal proxy > > I mean on the normal proxy "parent" there is only miss and no Denied > hits , but it give me error access denid. Just to double check. The access.log records a TCP_MISS/403 ? That is a "Access denied" error coming from the origin server. PS. DENIED is rejection. HIT is acceptance. A single proxy cannot accept and reject at the same time. > > Also I made sure that the ip of tproxy is allowed by acl on the normal > proxy"parent" > Good. > > Again , here is the cache log @ the parent proxy , still says a loop > occurring : > > 2014/11/12 23:33:24 kid1| WARNING: Forwarding loop detected for: > GET / HTTP/1.1 URL "/" is *not* a forward-proxy syntax URL. It is an origin server syntax URL. This URL syntax should only ever be seen as the first (tproxy) configured proxy. Never at the parent. For the parent to receive this message syntax is an "Invalid Request" error. This is therefore very, very strange. > Host: abc.com User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; > rv:33.0) Gecko/20100101 Firefox/33.0 Accept: > text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Via: > 1.1 squid (squid/3.4.3) Notice how this is neither "tproxy.com" nor "parent.com" which your hostname is set to. Lets try the shortcut for now and set visible_hostname in both proxies to the relevant tproxy.com//parent.com/ > X-Forwarded-For: 176.58.79.248 Cache-Control: max-age=259200 > Connection: keep-alive > The *only* ways a normal forward-proxy parent could be recording forwarding loops is: 1) Via header already contains its hostname. 2) the URL domain:port resolves in DNS to the proxy listening IP:port. 3) the parent proxy is configured to use itself as a cache_peer. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUZB2aAAoJELJo5wb/XPRjV7AIAI6OZaoaftNd2QoTVHb/6FB8 9rFKQLc1zRfLHTBCO0QM1tq4eph751Gk0SFnzzr0gNw9Mzbg6Tkbkrtkt1jtu33m I0dQ5YOzJpcYhuZ1ufXoMXjV1ihcw33BQit1w80QV/rclQqlYSqMcHXfK1t0bR5n B4oplYBSVxZ+1ttAAUFdVNp//yT7vrNGQezudEsxhkvqOpiaajZcIK5S3AT8msi1 /TYtOoWhVa/nkZDUxMa/BGzAaeq2SED/RQdgCZcCrvCRfbahzFc4nGAtcDho0HVZ yFIYCN5vmEhYfg/0kEkLj4jgiJA9VpfwTOdAX9lGPEHGzO36f8h94lFZoPEFMJU= =+YST -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
