[Bug 1214856] Re: ipv6 squid deny_info redirect loop

2013-10-06 Thread Amos Jeffries 
this us a user configuration error.

** Bug watch added: Squid Bugzilla #3934
   http://bugs.squid-cache.org/show_bug.cgi?id=3934

** Also affects: squid via
   http://bugs.squid-cache.org/show_bug.cgi?id=3934
   Importance: Unknown
   Status: Unknown

** Changed in: squid (Ubuntu)
   Status: New = Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to squid in Ubuntu.
https://bugs.launchpad.net/bugs/1214856

Title:
  ipv6 squid deny_info redirect loop

To manage notifications about this bug go to:
https://bugs.launchpad.net/squid/+bug/1214856/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1214856] Re: ipv6 squid deny_info redirect loop

2013-10-06 Thread Bug Watch Updater 
Launchpad has imported 2 comments from the remote bug at
http://bugs.squid-cache.org/show_bug.cgi?id=3934.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2013-09-30T08:12:46+00:00 Krzysztof-kulaj-s wrote:

Hello,

I think, there is a problem with deny_info web page when squid is
running ipv6 only box. The problem appears on Ubuntu 12.04 LTS server
x86_64 (squid from package - 3.1.19) as well as Ubuntu 13.10 (squid from
package - 3.3.8). I tested this with firefox and opera - in both cases I
got a lot of answers, and firefox end connection with user-message:
Firefox has detected that the server is redirecting the request for
this address in a way that will never complete.. In Firebug from
Firefox I see a lot of GET webpage with code 302 Moved Temporarily. In
firefox squid is set simply as a proxy on port 3128. There is no any
problems with dns or routing on squid box (as well as client machine)-
all ipv6 addresses (ipv6.google.com, facebook etc) could be simply
pinged or connected.

This bug cane be easily reproducable:

squid.conf:
**
acl manager proto cache_object
acl localhost src ::1
acl to_localhost dst ::1
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl TestNet src 2001:6f8:X::/48 ## global ipv6 network
acl ProxyServer dst 2001:6f8:X::3:1/96 ## global ipv6 address needed
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow ProxyServer
http_access deny TestNet
http_access deny all
http_port 3128
debug_options ALL,3
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
error_directory /etc/squid3/errors
deny_info http://ipv6.google.com TestNet

I've been also trying to show deny_info webpage from internal network, from the 
box where squid is running, and others. I also tried to add ipv6.google.com as 
always_direct, but it bring no results.

/var/log/squid3/access.log

1376732668.599 4 2001:6f8:X:0:68a9:e0da:c29a:1eea TCP_DENIED/302 355 GET 
http://ipv6.google.com/ - NONE/- text/html
1376732668.615 4 2001:6f8:X:0:68a9:e0da:c29a:1eea TCP_DENIED/302 355 GET 
http://ipv6.google.com/ - NONE/- text/html
1376732668.631 4 2001:6f8:X:0:68a9:e0da:c29a:1eea TCP_DENIED/302 355 GET 
http://ipv6.google.com/ - NONE/- text/html

this messages appears 19 times - than connection is closed by firefox.

/var/log/squid3/cache - debug_options ALL,3

2013/08/17 12:02:10.557| fd_open() FD 9 HTTP Request
2013/08/17 12:02:10.557| comm.cc(1207) commSetTimeout: FD 9 timeout 900
2013/08/17 12:02:10.557| ACLList::matches: checking all
2013/08/17 12:02:10.557| ACL::checklistMatches: checking 'all'
2013/08/17 12:02:10.557| aclIpMatchIp: 
'[2001:6f8:X:0:68a9:e0da:c29a:1eea]:43171' found
2013/08/17 12:02:10.557| ACL::ChecklistMatches: result for 'all' is 1
2013/08/17 12:02:10.557| aclmatchAclList: 0x7fff6fe39e10 returning true (AND 
list satisfied)
2013/08/17 12:02:10.557| ACLChecklist::markFinished: 0x7fff6fe39e10 checklist 
processing finished
2013/08/17 12:02:10.559| comm_read_try: FD 9, size 4095, retval 471, errno 0
2013/08/17 12:02:10.559| commio_finish_callback: called for FD 9 (0, 0)
2013/08/17 12:02:10.559| parseHttpRequest: req_hdr = {Host: facebook.com^M
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 
Firefox/23.0^M
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8^M
Accept-Language: en-US,en;q=0.5^M
Accept-Encoding: gzip, deflate^M
Cookie: datr=AX7BUWYNyh5PRT2GW662BWJl; 
fr=0DzAEbBwZNImObX3T.AWX47S4XqF-sSSayEl_aCetGvOw.BRwt6o.9l.FIC.AWWfKZ19; 
lu=TglKZMJcu6Qa8n-2rSmBpPYA; locale=pl_PL; csm=2^M
Connection: keep-alive^M
^M
}
2013/08/17 12:02:10.559| parseHttpRequest: end = {
2013/08/17 12:02:10.559| parseHttpRequest: prefix_sz = 471, req_line_sz = 35
2013/08/17 12:02:10.559| clientStreamInsertHead: Inserted node 0x7f0fd14711e8 
with data 0x7f0fd1473970 after head
2013/08/17 12:02:10.559| comm.cc(1196) commSetTimeout: FD 9 timeout 86400
2013/08/17 12:02:10.559| comm.cc(1207) commSetTimeout: FD 9 timeout 86400
2013/08/17 12:02:10.559| urlParse: Split URL 'http://facebook.com/' into 
proto='http', host='facebook.com',