I'm sure about forwarding because I see requests to http://172.22.15.88:3128/squid-internal-periodic/store_digest in parent logs and my parent returns 502 because we do not allow requests to internal IPs. Logs from the parent:
Got request: GET http://172.22.15.88:3128/squid-internal-periodic/store_digest Not allowing blacklisted IP 172.22.15.88 GET http://172.22.15.88:3128/squid-internal-periodic/store_digest 502 0ms I do not have "global_internal_static off" in my config and also I'm able to get http://172.22.15.88:3128/squid-internal-periodic/store_digest using curl or telnet (with telnet I do "GET /squid-internal-periodic/store_digest" – note relative URL). However according to debug logs squid does this request using absolute URL which probably works if target sibling can do direct requests (so it will request itself for digest and return response to original squid). But I do have "never_direct allow all" which probably makes sibling to forward such request to a parent. If my theory about absolute vs relative URL is correct then I believe original squid should make store_digest request using relative URL (like I can do with telnet) so sibling squid will return response right away w/o asking itself for result. This is more complete config (only stripped default things like localnet acls / http_access), note that I have 2 parents actually which I select based on header (but all requests w/o header will go to the first parent), and also have: via off never_direct allow all forwarded_for off # START CONFIG ==================== # Allow HTCP queries from local networks only htcp_access allow localnet htcp_access allow localhost htcp_access deny all # Other squids cache_peer 172.22.15.88 sibling 3128 4827 htcp cache_peer … sibling 3128 4827 htcp acl siblings src 172.22.15.88/32 acl siblings src …/32 miss_access deny siblings acl header_a req_header header_a -i true acl header_b req_header header_b -i true # name1 parent cache_peer 127.0.0.1 parent 18070 0 no-query no-digest name=name1 cache_peer_access name1 deny header_a cache_peer_access name1 deny header_b # name2 parent cache_peer 127.0.0.1 parent 18079 0 no-query no-digest name=name2 cache_peer_access name2 allow header_a cache_peer_access name2 allow header_b cache_peer_access name2 deny all cache_mem … maximum_object_size_in_memory … memory_replacement_policy … cache_replacement_policy … cache_dir aufs … … 16 256 minimum_object_size … bytes # none-zero so we dont cache mistakes maximum_object_size … KB client_db off refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 # refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # don't cache errors negative_ttl 0 minutes # always fetch object from the beginning regardless of Range requests range_offset_limit none via off cache_effective_user squid cache_effective_group squid # disable icp icp_port 0 never_direct allow all forwarded_for off # END CONFIG ==================== On Wed, Dec 28, 2016 at 11:15 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 2016-12-29 16:03, Ivan Larionov wrote: > >> Hello! >> >> I'm trying to setup multiple squids as siblings with a parent which is >> not even a squid. >> >> But I'm getting following message in logs: >> >> temporary disabling (Bad Gateway) digest from 172.22.15.88 >> >> temporary disabling (Bad Gateway) digest from … >> >> Squid 3.5.23, compiled with "--enable-cache-digests". >> >> For parent I'm setting no-digest, but I'd like to get digests between >> siblings. However, it doesn't work and I probably found a reason after >> reading debug logs: >> >> This is how squid does store_digest request from a sibling peer: >> >> GET http://172.22.15.88:3128/squid-internal-periodic/store_digest [1] >> HTTP/1.1 >> Accept: application/cache-digest >> Accept: text/html >> X-Forwarded-For: unknown >> Host: 172.22.15.88:3128 [2] >> Cache-Control: max-age=259200 >> Connection: keep-alive >> >> Response (if I execute this request manually from telnet): >> >> HTTP/1.1 502 Bad Gateway >> … >> >> This request has been forwarded to a parent and parent returned 502! >> >> > Are you sure about that forwarding? > Its not being generated by the sibling? > > > Now if I manually do the same request with a relative URL: >> >> GET /squid-internal-periodic/store_digest HTTP/1.1 >> … >> >> Response: >> >> HTTP/1.1 200 Cache Digest OK >> … >> >> My setup: >> >> Multiple squids as siblings, one parent (not a squid). >> >> Peers configuration: >> >> # Other squids >> cache_peer 172.22.15.88 sibling 3128 4827 htcp >> cache_peer … sibling 3128 4827 htcp >> acl siblings src 172.22.15.88/32 [3] >> acl siblings src …/32 >> miss_access deny siblings >> >> # Parent >> cache_peer 127.0.0.1 parent 18070 0 no-query no-digest name=NAME >> cache_peer_access NAME deny some_acl >> >> Anyone else seen similar issue? Do you have an example of working >> configuration with multiple siblings and enabled digests? >> > > The default config usually just works. > > Do you have "global_internal_static off" in your squid.conf? > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -- With best regards, Ivan Larionov.
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users