RE: problems with the squid-2.5 connection pinning

[Henrik Nordstrom]

ons 2006-04-19 klockan 07:38 +0800 skrev Steven Wilton:

> When I was sending the "Connection: Proxy-support" header, IE only sent the
> initial request, and never actually tried to complete the NTLM
> authentication handshake.  Removing this header made everything work again.

Odd..

> I still have the "Proxy-Support: Session-Based-Authentication" header (as
> specified in the document fragment that you posted to the list).  I'm not
> sure if that makes any difference for child proxies, and IE works both with
> and without this header.


The reason to this header is child proxies not having support for this
kind of connections. By having it in the Connection header such child
proxies won't forward the header to it's clients.


Hmm.. are you running transparent interception? If so then none of this
applies. The header is only relevant on proxied connections, not
intercepted connections.

Regards
Henrik


signature.asc
Description: Detta är en digitalt signerad	meddelandedel

Re: Hi there

[Michael Pye]

Doug Dixon wrote:
I'd like to catch up here if I may - what's rproxy? I gather it's a 
patch to enhance Squid 2.5's reverse proxy capabilities, but where is 
it, what does it do, etc? How cool is it? ;)


It's a patch by Henrik available at:
http://devel.squid-cache.org/old_projects.html#rproxy

It had been out of date for a long time, originally written for some pre 
2.5 (?) version, but has recently been updated to patch against 
2.5-STABLE12. The features in it useful for me are load balancing of 
back end web servers with healthcheck and "sticky" sessions. Most of its 
features have been ported to squid3.


--
Michael Pye

Re: Hi there

[Doug Dixon]

On 19 Apr 2006, at 10:20, Michael Pye wrote:


Doug Dixon wrote:
I've been a user of Squid for a few years now, and am interested  
in devoting some time to Squid-3.0 development, bugfixing and  
testing.
In terms of features, I'm interested in helping with the reverse  
proxy stuff, e.g. collapsed forwarding etc.


Hi all

I'd just like to back up Dougs comments really. Have been using  
squid for about a year on some heavy traffic sites as an  
accelerator which has been a great performance booster. We have a  
load balanced cluster of squids that have peaked at about 5.5k  
requests per second, and will probably do more. There's no way the  
backend web servers would have coped with that so squid has been a  
big plus for us. Thanks to all.


The discussion on whether to release a 2.6 has interested me  
recently, as a squid2.5+rproxy+customlog+collapsed_forwarding would  
really be useful to me.


The current rproxy patch patches against STABLE12, whilst the  
customlog and collapsed_fowarding patches patch against STABLE13.  
Would it be possible for the rproxy patch to be updated to patch  
against STABLE13?


I can offer a heavily used accelerator environment for testing  
squid3/patches etc.


One small change we've made in our environment is to allow the  
specification of the minimum explicit expiry time in seconds rather  
than minutes as we have some objects that are hit multiple times a  
second but are updated every 30 seconds or so. Works well for us.


Thanks,

--
Michael Pye



Thanks for that

I'd like to catch up here if I may - what's rproxy? I gather it's a  
patch to enhance Squid 2.5's reverse proxy capabilities, but where is  
it, what does it do, etc? How cool is it? ;)


I couldn't find it on the Wiki or the Squid-2.5 Patches page, and  
most stuff on Google is spread over pretty old posts to this list.


Out of interested - is the Wiki maintained much? I see a couple of  
mods by Henrik in Feb this year, but not a lot else. I'd be willing  
to do a bit of work on the wiki - I think they're really great for  
documentation etc. but only if they're up to date, and therefore  
become The Place To Go.


Cheers
D

RE: problems with the squid-2.5 connection pinning

[Steven Wilton]

> -Original Message-
> From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, 19 April 2006 12:10 AM
> To: Steven Wilton
> Cc: squid-dev@squid-cache.org
> Subject: Re: problems with the squid-2.5 connection pinning
> 
> tis 2006-04-18 klockan 08:05 +0800 skrev Steven Wilton:
> 
> > Due to other changes in the squid source, I needed to set the 
> > "must_keepalive" flag on the request to stop squid from closing the 
> > client-side connection
> 
> Hmm.. a bit curious on what this might be.  But I guess it's the 
> persistent_connection_after_error directive..
>
> But I think you are correct. There is little choice but to set
> must_keepalive on pinned connections. Connection semantic is a bit
> different from normal connections.

Yes, it didn't like the initial 403 error, and closed the connection.
 
> > and I also had to remove the "Connection: 
> > Proxy-support" header from being sent back to the client 
> (this caused IE to 
> > get really confused).
> 
> Ugh.. removing this can get you in quite bad situation if 
> there is child
> proxies.
> 
> Can you share some more light on this issue?
 
When I was sending the "Connection: Proxy-support" header, IE only sent the
initial request, and never actually tried to complete the NTLM
authentication handshake.  Removing this header made everything work again.

I still have the "Proxy-Support: Session-Based-Authentication" header (as
specified in the document fragment that you posted to the list).  I'm not
sure if that makes any difference for child proxies, and IE works both with
and without this header.

regards
Steven

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.4.3/316 - Release Date: 17/04/2006
 

Re: Hi there

[Michael Pye]

Doug Dixon wrote:
I've been a user of Squid for a few years now, and am interested in 
devoting some time to Squid-3.0 development, bugfixing and testing.
In terms of features, I'm interested in helping with the reverse proxy 
stuff, e.g. collapsed forwarding etc.


Hi all

I'd just like to back up Dougs comments really. Have been using squid 
for about a year on some heavy traffic sites as an accelerator which has 
been a great performance booster. We have a load balanced cluster of 
squids that have peaked at about 5.5k requests per second, and will 
probably do more. There's no way the backend web servers would have 
coped with that so squid has been a big plus for us. Thanks to all.


The discussion on whether to release a 2.6 has interested me recently, 
as a squid2.5+rproxy+customlog+collapsed_forwarding would really be 
useful to me.


The current rproxy patch patches against STABLE12, whilst the customlog 
and collapsed_fowarding patches patch against STABLE13. Would it be 
possible for the rproxy patch to be updated to patch against STABLE13?


I can offer a heavily used accelerator environment for testing 
squid3/patches etc.


One small change we've made in our environment is to allow the 
specification of the minimum explicit expiry time in seconds rather than 
minutes as we have some objects that are hit multiple times a second but 
are updated every 30 seconds or so. Works well for us.


Thanks,

--
Michael Pye

Re: problems with the squid-2.5 connection pinning

[Henrik Nordstrom]

tis 2006-04-18 klockan 08:05 +0800 skrev Steven Wilton:

> Due to other changes in the squid source, I needed to set the 
> "must_keepalive" flag on the request to stop squid from closing the 
> client-side connection

Hmm.. a bit curious on what this might be.  But I guess it's the 
persistent_connection_after_error directive..

But I think you are correct. There is little choice but to set
must_keepalive on pinned connections. Connection semantic is a bit
different from normal connections.

> and I also had to remove the "Connection: 
> Proxy-support" header from being sent back to the client (this caused IE to 
> get really confused).

Ugh.. removing this can get you in quite bad situation if there is child
proxies.

Can you share some more light on this issue?

Regards
Henrik



signature.asc
Description: Detta är en digitalt signerad	meddelandedel

Re: Cannot bootstrap.sh

[Henrik Nordstrom]

ons 2006-04-19 klockan 00:01 +1200 skrev Doug Dixon:

> All should sort itself out soon tho - Henrik says he just needs to  
> fix a cron job somewhere.

Squid-3 HEAD on devel.squid-cache.org is now up to date with the master
CVS repository.

Regards
Henrik


signature.asc
Description: Detta är en digitalt signerad	meddelandedel

Re: wccp2

[Adrian Chadd]

On Tue, Apr 18, 2006, Henrik Nordstrom wrote:

> One more task for the TODO:
> 
> Port to Squid-3. To begin with it shouldn't be much more than making it
> compile by a C++ compiler.

It shouldn't be that hard; the only remotely evil bit is the parser.

I'll wait for it to be stable before I port it over.




Adrian

Re: Cannot bootstrap.sh

[Doug Dixon]

Thanks Rob

All should sort itself out soon tho - Henrik says he just needs to  
fix a cron job somewhere.
I've probably got an inconsistent codebase from one of the CVS  
servers (cvs.devel.squid-cache.org).


Cheers
D

On 18 Apr 2006, at 23:49, Robert Collins wrote:


On Tue, 2006-04-18 at 16:07 +1200, Doug Dixon wrote:

Great, thanks!

I've just obtained the latest squid3 code, but bootstrap.sh is
complaining about a missing Makefile.in:

$ ./bootstrap.sh
automake :
autoconfg:
libtool  :
Bootstrapping
configure.in:3022: required file `helpers/external_acl/session/
Makefile.in' not found
automake failed
Autotool bootstrapping failed. You will need to investigate and  
correct

before you can develop on this source tree
$

Sorry if this is old news... but is anyone working to fix that?

(Not sure, but potentially related to http://www.squid-cache.org/ 
bugs/

show_bug.cgi?id=1499)



This is strange. bootstrapping creates the Makefile.in files. What
versions of automake, autoconf do you have ?

Rob
--
GPG key available at: .

Re: Cannot bootstrap.sh

[Robert Collins]

On Tue, 2006-04-18 at 16:07 +1200, Doug Dixon wrote:
> Great, thanks!
> 
> I've just obtained the latest squid3 code, but bootstrap.sh is  
> complaining about a missing Makefile.in:
> 
> $ ./bootstrap.sh
> automake :
> autoconfg:
> libtool  :
> Bootstrapping
> configure.in:3022: required file `helpers/external_acl/session/ 
> Makefile.in' not found
> automake failed
> Autotool bootstrapping failed. You will need to investigate and correct
> before you can develop on this source tree
> $
> 
> Sorry if this is old news... but is anyone working to fix that?
> 
> (Not sure, but potentially related to http://www.squid-cache.org/bugs/ 
> show_bug.cgi?id=1499)


This is strange. bootstrapping creates the Makefile.in files. What
versions of automake, autoconf do you have ?

Rob
-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part

Re: wccp2

[Henrik Nordstrom]

tis 2006-04-18 klockan 14:39 +0800 skrev Adrian Chadd:
> On Mon, Apr 17, 2006, Adrian Chadd wrote:
> 
> > > * finish the dynamic service configuration options
> 
> Done.
> 
> > > * spend some time thinking about what should happen during a cache
> > >   configuration reload
> 
> Steven already did this.
> 
> > > * dump the config out properly through cachemgr
> 
> Done.
> 
> The current TODO list:
> 
> * Make sure all the right bits have been wrapped by the ntoh*() macros
> * Implementing notification when we're shutting down (vs reloading) so
>   we're not sent any more traffic
> * More testing
> 
> This does finally seem to be taking shape.

One more task for the TODO:

Port to Squid-3. To begin with it shouldn't be much more than making it
compile by a C++ compiler.

Regards
Henrik


signature.asc
Description: Detta är en digitalt signerad	meddelandedel

Cannot bootstrap.sh

[Doug Dixon]

Great, thanks!

I've just obtained the latest squid3 code, but bootstrap.sh is  
complaining about a missing Makefile.in:


$ ./bootstrap.sh
automake :
autoconfg:
libtool  :
Bootstrapping
configure.in:3022: required file `helpers/external_acl/session/ 
Makefile.in' not found

automake failed
Autotool bootstrapping failed. You will need to investigate and correct
before you can develop on this source tree
$

Sorry if this is old news... but is anyone working to fix that?

(Not sure, but potentially related to http://www.squid-cache.org/bugs/ 
show_bug.cgi?id=1499)


Cheers
Doug



On 18 Apr 2006, at 13:07, Adrian Chadd wrote:


I approved your subscription. Welcome to the fold!




adrian

On Tue, Apr 18, 2006, Doug Dixon wrote:

Hi all

I've been a user of Squid for a few years now, and am interested in
devoting some time to Squid-3.0 development, bugfixing and testing.

I'd be most interested in helping to get the 3.0 branch up to the
next PRE and STABLE, but obviously there will be some more feature
development.

In terms of features, I'm interested in helping with the reverse
proxy stuff, e.g. collapsed forwarding etc.

Hopefully you'll let me join the squid-dev mailing list which would
be a good starting point :)

Cheers
Doug