SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
| Anonymous | Login | 2018-10-20 11:53 UTC |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0001588 | Endian Firewall | Proxy HTTP | public | 2009-02-20 19:51 | 2009-10-27 12:00 | ||||
| Reporter | bonald | ||||||||
| Assigned To | peter-endian | ||||||||
| Priority | normal | Severity | minor | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 2.2-rc3 | ||||||||
| Target Version | 2.3 | Fixed in Version | 2.3 | ||||||
| Summary | 0001588: Proxy loop in cache.log | ||||||||
| Description | WARNING: Forwarding loop detected for: Client: 127.0.0.1 http_port: 127.0.0.1:8080 Using NTLM auth, every request receive this message. | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
 Relationships |
||||||
|
||||||
 Relationships |
|
Notes |
|
|
(0001987) bonald (reporter) 2009-02-20 19:56 edited on: 2009-02-20 23:49 |
this only occurs when multiple group policies are in place. if only one policy no loop. (default rule) |
|
(0001988) bonald (reporter) 2009-02-20 20:23 |
there is no loop for unfiltered rule there is a loop for my filtered rule |
|
(0001989) bonald (reporter) 2009-02-20 23:48 edited on: 2009-02-20 23:48 |
this bug is on 2.2 enterprise latest. not on 2.2.rc3 community. |
|
(0002003) bonald (reporter) 2009-02-27 02:04 |
squid.conf.tmpl seems to be the problem. version from 2.2rc3 is fine. |
|
(0002097) peter-endian (administrator) 2009-04-02 19:54 |
patch 14506 re-introduced this problem by removing the follwing line from squid.conf.tmpl: header_access Via deny all That line was responsible for the chunked header issue: 0001083 Maybe it helps if we deny Via only from localhost (?). That should prevent squid to recognize the request as loop, but add the Via header on the last squid instance for the web-servers. Otherwise it seems that the solutions for these bugs are mutual exclusive. |
|
(0002104) peter-endian (administrator) 2009-04-06 15:46 |
header_access Via deny localhost does solve this issue but re-introduces 0001083 |
|
(0002109) peter-endian (administrator) 2009-04-07 13:56 |
seems that there is no way around patching squid in the following way: the loop prevention checks the via header if there is the local hostname twice. connections which come from dansguardian or havp always come from localhost. If they come from localhost, the loop is legitime. The patch should add a "%s-local" to the hostname, whenever the connection comes from localhost. That should fix both problems |
|
(0002472) peter-endian (administrator) 2009-06-05 18:08 |
adding %s-local is not possible, because the check is the other way around. Last squid, recognizes that there is a loop, because the request has a Via header with the first squid's name in it. The solution is to disable the loop check if the request comes from localhost |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-02-20 19:51 | bonald | New Issue | |
| 2009-02-20 19:51 | bonald | Assigned To | => simon-endian |
| 2009-02-20 19:56 | bonald | Note Added: 0001987 | |
| 2009-02-20 20:23 | bonald | Note Added: 0001988 | |
| 2009-02-20 23:48 | bonald | Note Added: 0001989 | |
| 2009-02-20 23:48 | bonald | Note Edited: 0001989 | |
| 2009-02-20 23:48 | bonald | Note Edited: 0001989 | |
| 2009-02-20 23:49 | bonald | Note Edited: 0001987 | |
| 2009-02-27 02:04 | bonald | Note Added: 0002003 | |
| 2009-04-02 19:53 | peter-endian | Relationship added | related to 0001083 |
| 2009-04-02 19:54 | peter-endian | Note Added: 0002097 | |
| 2009-04-06 15:46 | peter-endian | Note Added: 0002104 | |
| 2009-04-07 13:56 | peter-endian | Note Added: 0002109 | |
| 2009-04-07 13:57 | peter-endian | Assigned To | simon-endian => peter-endian |
| 2009-05-27 10:17 | peter-endian | Target Version | => 2.3 |
| 2009-06-05 18:08 | peter-endian | Note Added: 0002472 | |
| 2009-06-05 18:29 | peter-endian | Status | new => resolved |
| 2009-06-05 18:29 | peter-endian | Fixed in Version | => 2.3 |
| 2009-06-05 18:29 | peter-endian | Resolution | open => fixed |
| 2009-10-27 12:00 | peter-endian | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |