On Wed, 25 Nov 1998, Wagner Ikeda wrote:
> Hello,
>
> I'm running Squid, with transparent proxy option enabled.
> Environment: FreeBSD 2.2.7, IP-Filter 3.2.9, Squid 2.0.patch2.
>
> natrules and squid.conf are configured the same way as described in the
> FAQ.
>
> The setup works so fine, except sometimes squid loops due to an unknown
> request:
>
> 1998/11/25 08:37:39| parseHttpRequest: end = {FCMP}
> 1998/11/25 08:37:39| parseHttpRequest: prefix_sz = 137, req_line_sz = 41
> 1998/11/25 08:37:39| cbdataAdd: 0x193400
> 1998/11/25 08:37:39| parseHttpRequest: Request Header is
> Content-Length: 49
> User-Agent: Talkback/1.0; Win32
> Content-Type: application/x-spiral-fcmp
>
>
> 1998/11/25 08:37:39| mime_get_header: looking for 'Host'
> 1998/11/25 08:37:39| parseHttpRequest: NAT open failed: (13) Permission
> denied
^^^---- This is concerning. You shouldn't get this message. Make sure that
/dev/ipnat has read permission for nobody (or whatever squid runs as).

There was a bug in the 2.0 ipf-transparent code that caused squid to
endlessly loop when it couldn't find the request in the ipnat table. This
usually only occurred when there was a configuration problem with ipfilter
and no host header was specified in the request. This has been fixed in
2.1 and I have made a patch available for 2.0.

Correcting the permissions on /dev/ipnat should fix your problem, but you
might want to consider upgrading to 2.1P2 or at least apply the fix to
2.0.

You can get a patch for 2.0 from
http://www.fan.net.au/~q/squid/squid-2.0+ipf-fix.patch

Remember, your transparent proxy should still work with
http_accel_uses_host_header set to off. This is a good test to ensure that
your IP-Filter setup is functioning correctly.

Seeya...Q
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
_____ / Quinton Dolan - q@fan.net.au
__ __/ / / __/ / / Systems Administrator
/ __ / _/ / / Fast Access Network
__/ __/ __/ ____/ / - / Gold Coast, QLD, Australia
_______ / Ph: +61 7 5574 1050
\_\ SAGE-AU Member
Received on Wed Nov 25 1998 - 15:36:47 MST
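
Added example, not part of the original message or of Squid: a small scanner for the "NAT open failed" lines shown in the quoted cache.log excerpt, which counts failures per errno and flags seconds with repeated failures, the pattern the looping described above would produce. The sample lines, the function names and the burst threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed cache.log lines in the format of the excerpt quoted above.
SAMPLE_LOG = """\
1998/11/25 08:37:39| mime_get_header: looking for 'Host'
1998/11/25 08:37:39| parseHttpRequest: NAT open failed: (13) Permission denied
1998/11/25 08:37:39| mime_get_header: looking for 'Host'
1998/11/25 08:37:39| parseHttpRequest: NAT open failed: (13) Permission denied
1998/11/25 08:37:40| parseHttpRequest: NAT open failed: (2) No such file or directory
"""

NAT_FAIL = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| parseHttpRequest: "
    r"NAT open failed: \((\d+)\) (.*)$"
)

# errno 13 (EACCES) is the case discussed in the thread.
ADVICE = {
    13: "squid's effective user cannot read /dev/ipnat; fix the device permissions",
}
DEFAULT_ADVICE = "not covered in the thread; check the IP-Filter setup"


def scan(log_text, burst_threshold=2):
    """Return (failures per errno, timestamps with >= burst_threshold failures)."""
    by_errno = Counter()
    by_second = Counter()
    for line in log_text.splitlines():
        m = NAT_FAIL.match(line.strip())
        if not m:
            continue
        ts, errno, _msg = m.groups()
        by_errno[int(errno)] += 1
        by_second[ts] += 1
    # Assumption: several failures in one second hint at the request loop.
    bursts = sorted(ts for ts, n in by_second.items() if n >= burst_threshold)
    return dict(by_errno), bursts


def report(log_text):
    """Turn the scan result into one human-readable line per finding."""
    by_errno, bursts = scan(log_text)
    lines = [f"errno {e} x{n}: {ADVICE.get(e, DEFAULT_ADVICE)}"
             for e, n in sorted(by_errno.items())]
    lines += [f"repeated failures at {ts}: possible request loop" for ts in bursts]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```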