On 1/14/2013 1:48 PM, Leslie Jensen wrote:
I've now upgraded squid to 3.2 and rewritten the firewall rule that
resulted in a forwarding loop.
Unfortunately I've got no access now and I can't see where I've made the
error.
The browser says squid is rejecting the requests:
Access control configuration prevents your request from being allowed at
this time.
1358162295.975 0 172.18.0.1 TCP_MISS/403 4052 GET
http://www.skatteverket.se/ - HIER_NONE/- text/html
1358162295.976 11 172.18.0.102 TCP_MISS/403 4137 GET
http://www.skatteverket.se/ - HIER_DIRECT/172.18.0.1 text/html
1358162296.110 0 172.18.0.1 TCP_MISS/403 4166 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_NONE/- text/html
1358162296.110 99 172.18.0.102 TCP_MISS/403 4251 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_DIRECT/172.18.0.1
text/html
1358162296.219 0 172.18.0.1 TCP_MISS/403 4058 GET
http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
1358162296.219 1 172.18.0.102 TCP_MISS/403 4143 GET
http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html
1358162296.239 0 172.18.0.1 TCP_MISS/403 4090 GET
http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
1358162296.240 1 172.18.0.102 TCP_MISS/403 4175 GET
http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html
Look closly.. it's not squid.
if it was squid you would have seen TCP_DENIED.
you get a TCP_MISS which squid is ok with but a remote server DENIES you
with a 403 response.
I would say it looks pretty bad since every request seems to go into
squid from two IP addresses which is like a loop.. but one which squid
can not recognize from an unknown reason.
What have you done in the firewall to prevent the forwarding loop?
By the way did you tried to have a rule that allows all web requests
from the local machine of the proxy to not be intercepted?
Regards,
Eliezer
