On 2/02/2013 1:42 p.m., Eliezer Croitoru wrote:
On 2/2/2013 2:35 AM, Eliezer Croitoru wrote:
I was trying to access my /squid-internal-mgr/* and it seems to have a
problem.
The visible host name is www1.home ip 192.168.10.1
I have the proper acls to allow manager access and I get:
1359765266.436 10002 192.168.10.100 TCP_MISS/408 0 GET
http://www1.home:3128/squid-internal-mgr/menu - HIER_NONE/- text/html
And I get The connection was reset.
Sorry missing part.
When I am doing it using as forward proxy and use the url to the
intercept port 3127 i'm getting into a loop:
accessing: http://www1.home:3127/squid-internal-mgr/menu
1359765678.173 88894 192.168.10.100 TCP_MISS_ABORTED/000 0 GET
http://www1.home:3127/squid-internal-mgr/menu - HIER_DIRECT/127.0.0.1 -
1359765678.269 88966 127.0.0.1 TCP_MISS_ABORTED/000 0 GET
http://www1.home:3127/squid-internal-mgr/menu - HIER_DIRECT/127.0.0.1 -
........ sme miss abort for a very very long time =\
Ah. Interesting. The pattern is that it is supposed to be just the
visible_hostname value plus the internal manager path.
When you add port it breaks the visible_hostname to URL matching and
Squid relays it onwards to what it thinks is the origin server.
You should have the intercept port listened on by Squid firewalled so
direct connections to it cannot succeed. If you are using DROP to do
that you will see these timeouts, if you are using REJECT you will get a
fast fail result. If you don't have it firewalled properly the lopo
detectino in Squid should kick in.
PS. we had a proposal a while back to to visible_hostname matching per
listening port. But this breaks forwarding loop detection a bit.
Amos
