Fellow list members,

My apologies in advance: this email combines my 2 previous emails, so that the question is clear. I would appreciate your help.

I am asking for help with a transparent Squid with 2 NICs: 10.99.77.77 (internet) and 10.99.99.99 (local). The following log appears in daemon.log:

Dec 17 19:51:45 localhost squid[4161]: WARNING: Forwarding loop detected for:
Client: 10.99.99.99 http_port: 10.99.99.99:8080
HEAD http://10.99.99.99:8080/ HTTP/1.0^M
Host: 10.99.99.99:8080^M
Via: 1.0 proxy:8080 (squid/2.7.STABLE4), 1.0 proxy:8080 (squid/2.7.STABLE4)^M
Cache-Control: max-age=259200^M
Connection: keep-alive^M
^M

What I have already tried:
1. header_access Via deny all --> causes the file descriptors to run out, even though they are already set to 8192.
2. tcp_outgoing_address 10.99.77.77 --> the only effect is Client:10.99.77.77
3. always_direct allow all --> has no effect

What should be done so that there is no forwarding loop? If I am not mistaken, a forwarding loop can cause a kind of DoS for Squid itself, CMIIW. The topology and squid.conf are below. Thank you for your attention and your replies.

TIA,
Andre

Network topology

User ------ Router ------ Internet
             |  |
 10.99.99.99>|  |<10.99.77.77 (requests to the internet)
     (local) Proxy

All port 80 requests to the router are redirected to the proxy 10.99.99.99:8080.

Squid.conf:

authenticate_cache_garbage_interval 3600 seconds
authenticate_ttl 3600 seconds
authenticate_ip_ttl 0 seconds
authenticate_ip_shortcircuit_ttl 0 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localnet src 10.99.77.0/255.255.255.0
acl localnet3 src 10.99.99.0/255.255.255.0
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/255.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 81
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl apache rep_header Server ^Apache
http_access Allow manager localhost
http_access Allow localnet3
http_access Deny manager
http_access Deny !Safe_ports
http_access Deny CONNECT !SSL_ports
http_access Allow localnet
http_access Deny all
http_reply_access Allow all
icp_access Allow localnet
icp_access Deny all
htcp_access Deny all
htcp_clr_access Deny all
reply_body_max_size 0 Allow all
http_port 10.99.99.99:8080 transparent protocol=http
zph_mode off
zph_local 0
zph_sibling 0
zph_parent 0
zph_option 136
dead_peer_timeout 10 seconds
cache_mem 16777216 bytes
maximum_object_size_in_memory 131072 bytes
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir .....
(unneeded parts cut)
store_dir_select_algorithm least-load
max_open_disk_fds 0
minimum_object_size 0 bytes
maximum_object_size 33554432 bytes
cache_swap_low 98
cache_swap_high 99
update_headers on
access_log none
logfile_daemon /usr/local/squid/libexec/logfile-daemon
cache_log /dev/null
cache_store_log none
cache_swap_state /cache3/cosslog
logfile_rotate 10
emulate_httpd_log off
log_ip_on_direct on
mime_table /usr/local/squid/etc/mime.conf
log_mime_hdrs off
pid_filename /usr/local/squid/var/logs/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
strip_query_terms on
buffered_logs off
netdb_filename /usr/local/squid/var/logs/netdb.state
ftp_user Squid@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
diskd_program /usr/local/squid/libexec/diskd-daemon
unlinkd_program /usr/local/squid/libexec/unlinkd
pinger_program /usr/local/squid/libexec/pinger
storeurl_rewrite_children 5
storeurl_rewrite_concurrency 0
url_rewrite_children 5
url_rewrite_concurrency 0
url_rewrite_host_header on
redirector_bypass off
location_rewrite_children 5
location_rewrite_concurrency 0
max_stale 604800 seconds
refresh_pattern ^ftp: 10080 95% 241920
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 10 95% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
read_ahead_gap 16384 bytes
negative_ttl 0 seconds
positive_dns_ttl 86400 seconds
negative_dns_ttl 10 seconds
range_offset_limit 0 bytes
minimum_expiry_time 60 seconds
store_avg_object_size 13 KB
store_objects_per_bucket 20
request_header_max_size 20480 bytes
reply_header_max_size 20480 bytes
request_body_max_size 0 bytes
via on
cache_vary on
broken_vary_encoding Allow apache
collapsed_forwarding off
refresh_stale_hit 0 seconds
ie_refresh off
vary_ignore_expire off
request_entities off
header_access Accept-Encoding Deny all
header_access X-Forwarded-For Deny all
relaxed_header_parser on
server_http11 on
ignore_expect_100 off
forward_timeout 240 seconds
connect_timeout 60 seconds
peer_connect_timeout 30 seconds
read_timeout 900 seconds
request_timeout 300 seconds
persistent_request_timeout 120 seconds
client_lifetime 7200 seconds
half_closed_clients off
pconn_timeout 60 seconds
shutdown_lifetime 10 seconds
cache_mgr webmaster
mail_program mail
cache_effective_user nobody
httpd_suppress_version_string off
visible_hostname proxy
umask 23
announce_period 31536000 seconds
announce_host tracker.ircache.net
announce_port 3131
httpd_accel_no_pmtu_disc off
delay_pools 0
delay_initial_bucket_level 50
wccp_router 0.0.0.0
wccp_version 4
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0
wccp2_weight 10000
wccp_address 0.0.0.0
wccp2_address 0.0.0.0
client_persistent_connections off
server_persistent_connections on
persistent_connection_after_error off
detect_broken_pconn off
digest_generation on
digest_bits_per_entry 5
digest_rebuild_period 3600 seconds
digest_rewrite_period 3600 seconds
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10
snmp_port 3401
snmp_access Deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
icp_port 3130
htcp_port 4827
log_icp_queries off
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
netdb_low 900
netdb_high 1000
netdb_ping_period 300 seconds
query_icmp off
test_reachability off
icp_query_timeout 0
maximum_icp_query_timeout 2000
minimum_icp_query_timeout 5
mcast_icp_query_timeout 2000
icon_directory /usr/local/squid/share/icons
global_internal_static on
short_icon_urls off
error_directory /usr/local/squid/share/errors/English
err_html_text
nonhierarchical_direct on
prefer_direct off
ignore_ims_on_miss off
max_filedescriptors 0
tcp_recv_bufsize 0 bytes
incoming_rate 30
check_hostnames on
allow_underscore on
dns_retransmit_interval 5 seconds
dns_timeout 120 seconds
dns_defnames off
dns_nameservers 127.0.0.1
dns_nameservers 202.134.1.10
dns_nameservers 203.130.209.242
dns_nameservers 202.134.0.155
hosts_file /etc/hosts
dns_testnames netscape.com
dns_testnames internic.net
dns_testnames nlanr.net
dns_testnames microsoft.com
ignore_unknown_nameservers on
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
memory_pools off
memory_pools_limit 5242880 bytes
forwarded_for on
client_db on
reload_into_ims on
maximum_single_addr_tries 1
retry_on_error off
as_whois_server whois.ra.net
offline_mode off
uri_whitespace strip
coredump_dir /cache
balance_on_multiple_ip on
pipeline_prefetch on
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0 bytes
sleep_after_fork 0
zero_buffers on
windows_ipaddrchangemonitor on
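
Added example, not part of the original message: a Python check that parses the "Forwarding loop detected" block quoted in the message and reports how many Via hops carry the proxy's own name (visible_hostname proxy in the posted squid.conf), whether the requested URL is the proxy's own http_port, and whether the client address is the proxy itself. The function name and the result keys are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# The warning block quoted in the message above ("^M" is how the log shows CR).
POSTED_WARNING = """\
WARNING: Forwarding loop detected for:
Client: 10.99.99.99 http_port: 10.99.99.99:8080
HEAD http://10.99.99.99:8080/ HTTP/1.0^M
Host: 10.99.99.99:8080^M
Via: 1.0 proxy:8080 (squid/2.7.STABLE4), 1.0 proxy:8080 (squid/2.7.STABLE4)^M
Cache-Control: max-age=259200^M
Connection: keep-alive^M
"""


def analyze_loop_warning(text, proxy_name):
    """Summarise one 'Forwarding loop detected' block (hypothetical helper)."""
    client = listener = url = None
    via_hosts = []
    for raw in text.splitlines():
        line = raw.replace("^M", "").strip()
        m = re.match(r"Client: (\S+) http_port: (\S+)$", line)
        if m:
            client, listener = m.groups()
        m = re.match(r"[A-Z]+ (\S+) HTTP/\d\.\d$", line)
        if m:
            url = m.group(1)
        if line.lower().startswith("via:"):
            # Each Via element is "<protocol-version> <received-by> (comment)".
            for hop in line[4:].split(","):
                fields = hop.split()
                if len(fields) >= 2:
                    via_hosts.append(fields[1].split(":")[0])
    if client is None or listener is None or url is None:
        raise ValueError("not a forwarding-loop warning block")
    target = urlsplit(url)
    return {
        # Squid reports a loop when its own name is already present in Via.
        "own_via_hops": via_hosts.count(proxy_name),
        # The URL being fetched is the proxy's own listening socket.
        "target_is_listener": f"{target.hostname}:{target.port or 80}" == listener,
        # The request came from the proxy's own address, not from a user.
        "client_is_proxy": client == listener.rsplit(":", 1)[0],
    }


if __name__ == "__main__":
    # "proxy" is the visible_hostname in the posted squid.conf.
    print(analyze_loop_warning(POSTED_WARNING, "proxy"))
```

For the posted warning all three findings are positive: the request that loops is addressed to 10.99.99.99:8080 itself and arrives from the proxy's own address, having already passed through the proxy twice.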
