Dean Weimer wrote:
I have a problem with a website that doesn't like going through a
parent child proxy setup, if you access the site pointing the client
directly at the parent proxy it open just fine. However, when the
client accesses the website using the child proxy the page fails to
load. I have no control over the website and have sent a request to
the support for the site to help resolve the issue. While waiting to
hear back from them, I was wondering if possibly disabling the via
headers would potential help, but wasn't sure of the consequences
that doing so would have. The eventual configuration in this scenario
is to have 2 parents with a single child, one server can easily
handle the number of clients we have, but we want to use the 2
parents to handle load balancing on multiple internet connections. I
have already used ACLs to send this website along with others I know
have problems with multiple source IPs in a single session, through a
single parent so that they only have failover and not load balancing.
This has been verified to work on all the other sites that I know
clients need that have this problem. I have verified by use of a
packet sniffer that this site is correctly trying to go out a single
parent proxy server, and I am considering disabling the via header to
see if that resolves the issue. In addition to any possible problems
with disabling the via headers, would it be better to do it on the
parent proxies or on the child proxy server, if it doesn't have to be
done on both. If it's of any consequence, I do have the
forwarded_for directive set to off on the parents and the child proxy
server.
Thanks, Dean Weimer Network Administrator Orscheln Management Co
Hi Dean, sorry for the long delay.
Via: header is used primarily to prevent looping when forwarding
requests between proxies. And also to allow trace-backs for a) security
tracking malicious traffic events and b) debugging flow through
hierarchies of caches.
If you have a simple one-way flow of request traffic
client-child-parent-web then there is very little chance of the
looping occuring and Via: ceases to be mandatory. Still highly useful
though.
If you have a peering link between the parent servers (sibling to each
other) or any kind of downward link to have parent proxies send requests
to childs. Then Via: becomes mandatory to detect when loops occur.
Correct configuration is still required to prevent the loops, but
without Via: in these situations you only have vague my internet hangs
from users to go by.
Hope this helps.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
Current Beta Squid 3.1.0.7
