[
https://issues.apache.org/jira/browse/TS-3636?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Faysal Banna updated TS-3636:
-----------------------------
Description:
Hello Guys.
today i stumbled upon an issue with parent proxy, and let me describe what is
going on.
i have my cache working in forward proxy mode tr-full
proxy.config.reverse_proxy.enabled 0
proxy.config.url_remap.remap_required 0
proxy.config.http.server_ports 8080:tr-full:tr-pass 8099
and in parent.config i have
url_regex=".*distrowatch" parent="77.75.92.61:8080"
now if i do
export http_proxy=127.0.0.1:8099
wget 'http://distrowatch.com' --delete-after
i can see that the request was proxied to the parent cache in squid.log as
shown below:
1432569647.049 823 127.0.0.1 TCP_REFRESH_MISS/200 157668 GET
http://distrowatch.com/ - PARENT_HIT/77.75.92.61 text/html
yet if i go as a client forwarded to the server from my laptop
i issue
wget --delete-after 'http://distrowatch.com'
i get in squid.log
1432570157.718 62805 77.75.88.82 TCP_REFRESH_MISS/200 157598 GET
http://distrowatch.com/ - DIRECT/distrowatch.com text/html
i checked tcpdump on the interface between both caches and i had a result that
ATS was sending parent proxies with origin ip addresses same as the client ip
addresses .
so i did a source-nat (SNAT) via iptables firewall on the interface itself and
originated traffic as if originated from ATS itself
in diags.log i could always see
http parent proxy 77.75.92.61:8080 marked down
in my believe parent proxy should not get client address unless asked for.
since it should always reply to the ATS server so it should get ATS ip address
and not client ip address regardless of being TProxied or not.
unless someone can create some variable to enable disable such feature when
contacting parent proxies.
Regards
was:
Hello Guys.
today i stumbled upon an issue with parent proxy, and let me describe when
going on.
i have my cache working in forward proxy mode tr-full
proxy.config.reverse_proxy.enabled 0
proxy.config.url_remap.remap_required 0
proxy.config.http.server_ports 8080:tr-full:tr-pass 8099
and in parent.config i have
url_regex=".*distrowatch" parent="77.75.92.61:8080"
now if i do
export http_proxy=127.0.0.1:8099
wget 'http://distrowatch.com' --delete-after
i can see that the request was proxied to the parent cache in squid.log as
shown below:
1432569647.049 823 127.0.0.1 TCP_REFRESH_MISS/200 157668 GET
http://distrowatch.com/ - PARENT_HIT/77.75.92.61 text/html
yet if i go as a client forwarded to the server from my laptop
i issue
wget --delete-after 'http://distrowatch.com'
i get in squid.log
1432570157.718 62805 77.75.88.82 TCP_REFRESH_MISS/200 157598 GET
http://distrowatch.com/ - DIRECT/distrowatch.com text/html
i checked tcpdump on the interface between both caches and i had a result that
ATS was sending parent proxies with origin ip addresses same as the client ip
addresses .
so i did a source-nat (SNAT) via iptables firewall on the interface itself and
originated traffic as if originated from ATS itself
in diags.log i could always see
http parent proxy 77.75.92.61:8080 marked down
in my believe parent proxy should not get client address unless asked for.
since it should always reply to the ATS server so it should get ATS ip address
and not client ip address regardless of being TProxied or not.
unless someone can create some variable to enable disable such feature when
contacting parent proxies.
Regards
> Parent Proxy Forward mode ts-full
> ---------------------------------
>
> Key: TS-3636
> URL: https://issues.apache.org/jira/browse/TS-3636
> Project: Traffic Server
> Issue Type: Bug
> Components: Parent Proxy, TProxy
> Reporter: Faysal Banna
> Assignee: Alan M. Carroll
>
> Hello Guys.
> today i stumbled upon an issue with parent proxy, and let me describe what is
> going on.
> i have my cache working in forward proxy mode tr-full
> proxy.config.reverse_proxy.enabled 0
> proxy.config.url_remap.remap_required 0
> proxy.config.http.server_ports 8080:tr-full:tr-pass 8099
> and in parent.config i have
> url_regex=".*distrowatch" parent="77.75.92.61:8080"
> now if i do
> export http_proxy=127.0.0.1:8099
> wget 'http://distrowatch.com' --delete-after
> i can see that the request was proxied to the parent cache in squid.log as
> shown below:
> 1432569647.049 823 127.0.0.1 TCP_REFRESH_MISS/200 157668 GET
> http://distrowatch.com/ - PARENT_HIT/77.75.92.61 text/html
> yet if i go as a client forwarded to the server from my laptop
> i issue
> wget --delete-after 'http://distrowatch.com'
> i get in squid.log
> 1432570157.718 62805 77.75.88.82 TCP_REFRESH_MISS/200 157598 GET
> http://distrowatch.com/ - DIRECT/distrowatch.com text/html
> i checked tcpdump on the interface between both caches and i had a result
> that ATS was sending parent proxies with origin ip addresses same as the
> client ip addresses .
> so i did a source-nat (SNAT) via iptables firewall on the interface itself
> and originated traffic as if originated from ATS itself
> in diags.log i could always see
> http parent proxy 77.75.92.61:8080 marked down
> in my believe parent proxy should not get client address unless asked for.
> since it should always reply to the ATS server so it should get ATS ip
> address and not client ip address regardless of being TProxied or not.
> unless someone can create some variable to enable disable such feature when
> contacting parent proxies.
> Regards
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
