Fórum Root.cz
Hlavní témata => Server => Téma založeno: czechsys 02. 06. 2021, 10:53:22
-
Ahoj,
narazil jsem pri reseni jedne veci na neco, co jsem zatim nedogoogloval.
access.log
1622623123.458 481 client_ip TCP_MISS/000 0 HEAD http://proxy_ip:3128/ - DIRECT/proxy_ip -
1622623123.459 481 proxy_ip TCP_MISS/000 0 HEAD http://proxy_ip:3128/ - DIRECT/proxy_ip -
1622623123.459 481 proxy_ip TCP_MISS/000 0 HEAD http://proxy_ip:3128/ - DIRECT/proxy_ip -
1622623123.459 481 proxy_ip TCP_MISS/000 0 HEAD http://proxy_ip:3128/ - DIRECT/proxy_ip -
1622623123.459 481 proxy_ip TCP_MISS/000 0 HEAD http://proxy_ip:3128/ - DIRECT/proxy_ip -
1622623123.460 480 proxy_ip TCP_MISS/000 0 HEAD http://proxy_ip:3128/ - DIRECT/proxy_ip -
...
cache.log
2021/06/02 10:38:43| IpIntercept.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed on FD 297: (92) Protocol not available
2021/06/02 10:38:43| WARNING: Forwarding loop detected for:
HEAD / HTTP/1.1
Via: 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.20), 1.1 proxy_ip (squid/3.1.
...
X-Forwarded-For: client_ip, proxy_ip, proxy_ip, proxy_ip, proxy_ip, proxy_ip, proxy_ip, proxy_ip, proxy_ip, proxy_ip, proxy_ip, proxy_ip, proxy_ip, proxy_ip,...
Mam uz pripravene nove verze proxy, ale nez to pujde do produkce, chvili to potrva. Nikdo nehlasi problem, takze se nemam ceho chytnout. Nenapada nekoho, co tohle muze zpusobit? Klienti pouzivaji automatickou konfiguraci proxy via wpad.
Diky
-
Nepomohlo by?
acl squidport port 3128
acl squidtarget dstdomain proxy.firma.cz
acl squidip dst 10.0.0.2
# prevent dos loop
http_access deny CONNECT squidip squidport
http_access deny CONNECT squidtarget squidport
-
Pouze, kdyz vyradim CONNECT z acl, pricemz to pravidlo mam jako prvni acl. Jinak zrejme to ma nejakou souvislost se stateful/stateless viz https://stackoverflow.com/questions/56575936/how-http-proxy-should-handle-head-requests .
Stacilo by mi prerusit tu smycku uz po prvni pruchodu, ale jeste nevim, jak toho docilit (asi Via?), aniz bych zaroven ty hlavicky pustil ven.