Re: [squid-users] Re: parent problem - TCP_MISS/403 from parent
On 29.08.2014 18:46, Dmitry Melekhov wrote: On 29.08.2014 18:17, babajaga wrote: I remember a bug, I detected in my favourite squid2.7, also in a sandwiched config, with another proxy inbetween: It was not possible to have both squids listen on 127.0.0.1:a/b; had to use 127.0.0.1:a; 127.0.0.2:b That's what I have- one listens on 8090 another one on 8092. So this is not problem. What I can't understand now what is difference between firefox request - which works, and squid request- on which squid says that it is missed, I have to look into traffic :-) OK, I see correct requests from squid to parent squid. But looks like they are http 1.1. But, as I said before, havp works, and it use 1.0, as I see too. Looks like bug, so I'll report one asap :-)
Re: [squid-users] Re: parent problem - TCP_MISS/403 from parent
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 1/09/2014 12:30 a.m., Dmitry Melekhov wrote: On 29.08.2014 18:46, Dmitry Melekhov wrote: On 29.08.2014 18:17, babajaga wrote: I remember a bug, I detected in my favourite squid2.7, also in a sandwiched config, with another proxy inbetween: It was not possible to have both squids listen on 127.0.0.1:a/b; had to use 127.0.0.1:a; 127.0.0.2:b That's what I have- one listens on 8090 another one on 8092. So this is not problem. What I can't understand now what is difference between firefox request - which works, and squid request- on which squid says that it is missed, I have to look into traffic :-) OK, I see correct requests from squid to parent squid. But looks like they are http 1.1. But, as I said before, havp works, and it use 1.0, as I see too. Looks like bug, so I'll report one asap :-) That is not itself a bug. HTTP/1.1 is the latest version of HTTP supported by Squid and 1.1 outgoing is required to be sent. Amos -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUAyvTAAoJELJo5wb/XPRjzr0H/0LrDL3ARaXlbqNVQ/HPWdYn r/iQyYkdpn2ASUZoLcN8LQx8rV689BUwaDhkatQHkJja17BuW7gH6xVWUv2jaHVh kA/q6N2UreACDJ8ebi1+QOkzNN1rxMhUBQzK/oby0tfKlN66PrFckQztlrXZ8VUa iNnqI+ij5GGHntE2Qg6hE5HN8EKD8n6KTUTRI3giWFA7CRu0xXZINANargOKrX6P XKdxV/dZwBLizBLapxnkGTJUUBv2BMOW+cgQOGt3W8uaAc3sfQoHNe9r8RNzAPuz 7vFWGGP3cGj8ijHE3Fxx6cFy9cQdz8rZQmPZ2vek+o0kYIXWfbokgxZQpjEv/aM= =flWi -END PGP SIGNATURE-
[squid-users] Re: parent problem - TCP_MISS/403 from parent
I suspect, you might have some statement like never_direct / always_direct in the squid.conf of first squid with some ACL, which does not match any more. To get a clear picture, pls publish both of actual squid.conf, anonymized. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/parent-problem-TCP-MISS-403-from-parent-tp4667444p4667445.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: parent problem - TCP_MISS/403 from parent
29.08.2014 15:34, Dmitry Melekhov пишет: 29.08.2014 10:45, babajaga пишет: I suspect, you might have some statement like never_direct / always_direct in the squid.conf of first squid with some ACL, which does not match any more. To get a clear picture, pls publish both of actual squid.conf, anonymized. Well, in this case there will be just no requests to parent, right? Anyway , configs are attached. Sorry, configs are too large... :-( I can't attach them here :-( So main question is- if I see request on external squid- then never_direct or always_direct are not responsible, right?
[squid-users] Re: parent problem - TCP_MISS/403 from parent
Yes. You might also try on inner squid.conf: cache_peer 127.0.0.1 parent8092 0 no-digest no-query no-net-db-exchange assuming, you only have one upstream proxy. Outer squid.conf should have NO intercept/transparent in http_port. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/parent-problem-TCP-MISS-403-from-parent-tp4667444p4667452.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: parent problem - TCP_MISS/403 from parent
29.08.2014 16:21, babajaga пишет: Yes. You might also try on inner squid.conf: cache_peer 127.0.0.1 parent8092 0 no-digest no-query no-net-db-exchange I get the same TCP_MISS/403 on parent with this :-( assuming, you only have one upstream proxy. Outer squid.conf should have NO intercept/transparent in http_port. Yes, sure, as I wrote it works if I connects to outer squid from browser, it just doesn't want to process request from another squid. I tried to reverse havp config- and it process requests from havp , really from internal squid+havp. Looks very strange- it somehow know that these requests are from squid and don't want to forward them...
[squid-users] Re: parent problem - TCP_MISS/403 from parent
I remember a bug, I detected in my favourite squid2.7, also in a sandwiched config, with another proxy inbetween: It was not possible to have both squids listen on 127.0.0.1:a/b; had to use 127.0.0.1:a; 127.0.0.2:b To be pragmatic: Whats the purpose of having two squids directly coupled ? Why not to use just one ? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/parent-problem-TCP-MISS-403-from-parent-tp4667444p4667458.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: parent problem - TCP_MISS/403 from parent
On 29.08.2014 18:17, babajaga wrote: I remember a bug, I detected in my favourite squid2.7, also in a sandwiched config, with another proxy inbetween: It was not possible to have both squids listen on 127.0.0.1:a/b; had to use 127.0.0.1:a; 127.0.0.2:b That's what I have- one listens on 8090 another one on 8092. So this is not problem. What I can't understand now what is difference between firefox request - which works, and squid request- on which squid says that it is missed, I have to look into traffic :-) To be pragmatic: Whats the purpose of having two squids directly coupled ? At least three :-) first, afaik, icap doesn't check cached content, so first squid can cache, second checks for viruses. second, authentication- first squid is for users, so it requires auth, second don't, it's practical from logging reason. third, first squid has redirector, so user's can be banned from pron ;-) , second not. Why not to use just one ?