Re: [squid-users] Forwarding loop after rebooting.

From: Mark Stevens <mark.stevens99@dont-contact.us>
Date: Mon, 24 Apr 2006 19:16:34 +0100

Much thanks for replies.

I have blocked http_access to all except child squids to prevent exploitation.

I'm still a tad confused to why this problem only happens when the
master proxy is down for a short period.

Maybe the negative hits were causing it to redirect to itself, and
then requests were denied when the child squids expected the proxy to
act as a proxy and not just an accelerator.

An interesting 'gotcha' considering the setup has been running fine
for about 8 months.

Thanks again!

On 24/04/06, Henrik Nordstrom <henrik@henriknordstrom.net> wrote:
> sön 2006-04-23 klockan 23:48 +0100 skrev Mark Stevens:
>
>
> > 2006/04/23 23:24:23| clientAccessCheck: proxy request denied in accel_only mode
>
> This is important... your Squid is used as a peer proxy, but your
> configuration does not allow this Squid to be used as a proxy (only
> accelerator).
>
> > Access log extract:
> >
> > 10.1.1.3 - - [23/Apr/2006:23:24:23 +0100] "GET
> > http://myurl.mydomain.com/myfolder1/ HTTP/1.0" 403 1401
> > TCP_DENIED:NONE
> > 10.1.1.3 - - [23/Apr/2006:23:24:23 +0100] "GET
> > http://myurl.mydomain.com/myfolder1/ HTTP/1.0" 403 1427
> > TCP_MISS:FIRST_UP_PARENT
>
> Looks to me like your Squid uses itself as parent.
>
> What cache_peer statements do you have? Do any of these points back to
> yourself either directly or indirectly via cache_peer statements at that
> peer?
>
>
> Related note: If you have multiple Squids clustered by the same visible
> name, make sure each have a unique unique_hostname set.
>
> Regards
> Henrik
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (GNU/Linux)
>
> iD8DBQBETAiz516QwDnMM9sRAn+hAJ9CGC4QjX6NvVEXcs3rLsDGOc7UCgCff1LH
> QVV+ANArd02yRSyXBgiNGsM=
> =5Ets
> -----END PGP SIGNATURE-----
>
>
>
Received on Mon Apr 24 2006 - 12:16:35 MDT

This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT