2013-01-14 16:05, Eliezer Croitoru skrev:
> On 1/14/2013 1:48 PM, Leslie Jensen wrote:
>>
>> I've now upgraded squid to 3.2 and rewritten the firewall rule that
>> resulted in a forwarding loop.
>>
>> Unfortunately I've got no access now and I can't see where I've made the
>> error.
>>
>> The browser says squid is rejecting the requests:
>> Access control configuration prevents your request from being allowed at
>> this time.
>>
>>
>> 1358162295.975 0 172.18.0.1 TCP_MISS/403 4052 GET
>> http://www.skatteverket.se/ - HIER_NONE/- text/html
>> 1358162295.976 11 172.18.0.102 TCP_MISS/403 4137 GET
>> http://www.skatteverket.se/ - HIER_DIRECT/172.18.0.1 text/html
>> 1358162296.110 0 172.18.0.1 TCP_MISS/403 4166 GET
>> http://www.squid-cache.org/Artwork/SN.png - HIER_NONE/- text/html
>> 1358162296.110 99 172.18.0.102 TCP_MISS/403 4251 GET
>> http://www.squid-cache.org/Artwork/SN.png - HIER_DIRECT/172.18.0.1
>> text/html
>> 1358162296.219 0 172.18.0.1 TCP_MISS/403 4058 GET
>> http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
>> 1358162296.219 1 172.18.0.102 TCP_MISS/403 4143 GET
>> http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html
>> 1358162296.239 0 172.18.0.1 TCP_MISS/403 4090 GET
>> http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
>> 1358162296.240 1 172.18.0.102 TCP_MISS/403 4175 GET
>> http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html
>>
>
> Look closly.. it's not squid.
> if it was squid you would have seen TCP_DENIED.
> you get a TCP_MISS which squid is ok with but a remote server DENIES you
> with a 403 response.
>
> I would say it looks pretty bad since every request seems to go into
> squid from two IP addresses which is like a loop.. but one which squid
> can not recognize from an unknown reason.
>
> What have you done in the firewall to prevent the forwarding loop?
>
> By the way did you tried to have a rule that allows all web requests
> from the local machine of the proxy to not be intercepted?
>
> Regards,
> Eliezer
I've tried two things.
First I disabled the rule that redirects the web traffic so that it goes
directly to the Internet.
It works.
Then with the above rule still disabled I made the browser aware of the
proxy by setting it manually in the browser settings.
Then I get the same behaviour.
I'm aware that tcp_miss should not be squid but with the redirecting
rule disabled I do not quite understand where it goes wrong.
I'll look into your suggestion and see if it helps.
Thanks :-)
/Leslie
Received on Mon Jan 14 2013 - 16:00:29 MST
This archive was generated by hypermail 2.2.0 : Tue Jan 15 2013 - 12:00:04 MST