Hello, I have a strange behavior with Squid 2.7.STABLE9 and local requests which should be intercept by the option deny_info. I am using Squid as a reverse proxy. I have configured a list of subdomains (i.e. subdomain.domain.tld) in a file via the option dstdomain, which will be forwarded to the defined cache peer. There is an additional list of domains (i.e. *.domain.tld) which match via wildcard to all other domains, which are not absolutely defined yet and will be forwarded to a custom error page via the option deny_info. The problem is that requests forwarded to the ip of the server, i.e. 192.168.0.1, will be catched up by the option deny_info. But, when the request is forwarded to the ip of the localhost (127.0.0.1), the option deny_info will not match. Now the strange behaviour is that requests to the ip of the localhost but with the destination domain subdomain.domain.tld will be answered successfully. I need a fix because clients get the custom error page for requests via http (NAT to 192.168.0.1) but not the same response via https (nginx to 127.0.0.1). I don´t know where or how I can fix this problem or do more debugging. # Config http_access allow localhost acl foo dstdomain "/file" acl foo_deny dstdom_regex "/ file _deny" http_access allow foo cache_peer 127.0.0.1 parent 8080 0 no-query originserver name=srv1 login=PASS cache_peer_access srv1 allow foo cache_peer_access srv1 deny all deny_info ERR_FOO foo_deny http_access deny foo_deny http_access deny all # Error via curl <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd";> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css"><!-- %l body :lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; } :lang(he) { direction: rtl; } --></style> </head><body id=ERR_CANNOT_FORWARD> <div id="titles"> <h1>ERROR</h1> <h2>The requested URL could not be retrieved</h2> </div> <hr> <div id="content"> <p>The following error was encountered while trying to retrieve the URL: <a href="http://subdomain.domain.tld/";>http://subdomain.domain.tld/</a></p> <blockquote id="error"> <p><b>Unable to forward this request at this time.</b></p> </blockquote> <p>This request could not be forwarded to the origin server or to any parent caches.</p> <p>Some possible problems are:</p> <ul> <li id="network-down">An Internet connection needed to access this domains origin servers may be down.</li> <li id="no-peer">All configured parent caches may be currently unreachable.</li> <li id="permission-denied">The administrator may not allow this cache to make direct connections to origin servers.</li> </ul> <p>Your cache administrator is <a href="mailto:service@xxxxxxxxxx";>service@xxxxxxxxxx</a>.</p> <br> </div> <hr> <div id="footer"> <p>Generated Fri, 28 Nov 2014 13:29:22 GMT by squid (squid)</p> <!-- ERR_CANNOT_FORWARD --> # Error from log 1417181439.852 RELEASE -1 FFFFFFFF B41394C6D2C0281301E5137947DE34E0 504 1417181439 -1 -1 text/html 1509/1509 GET http://subdomain.domain.tld/ Best regards, Mark _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
