SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001588: Proxy loop in cache.log - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001588Endian FirewallProxy HTTPpublic2009-02-20 19:512009-10-27 12:00
Reporterbonald 
Assigned Topeter-endian 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.2-rc3 
Target Version2.3Fixed in Version2.3 
Summary0001588: Proxy loop in cache.log
DescriptionWARNING: Forwarding loop detected for:
Client: 127.0.0.1 http_port: 127.0.0.1:8080

Using NTLM auth,
every request receive this message.
TagsNo tags attached.
Attached Files

- Relationships
related to 0001083closedsimon-endian http://msnbc.msn.com [^] does not work with squid (chunked header) 

-  Notes
(0001987)
bonald (reporter)
2009-02-20 19:56
edited on: 2009-02-20 23:49

this only occurs when multiple group policies are in place.
if only one policy no loop. (default rule)

(0001988)
bonald (reporter)
2009-02-20 20:23

there is no loop for unfiltered rule
there is a loop for my filtered rule
(0001989)
bonald (reporter)
2009-02-20 23:48
edited on: 2009-02-20 23:48

this bug is on 2.2 enterprise latest. not on 2.2.rc3 community.

(0002003)
bonald (reporter)
2009-02-27 02:04

squid.conf.tmpl seems to be the problem.

version from 2.2rc3 is fine.
(0002097)
peter-endian (administrator)
2009-04-02 19:54

patch 14506 re-introduced this problem by removing the follwing line from squid.conf.tmpl:

header_access Via deny all

That line was responsible for the chunked header issue: 0001083

Maybe it helps if we deny Via only from localhost (?). That should prevent squid to recognize the request as loop, but add the Via header on the last squid instance for the web-servers.

Otherwise it seems that the solutions for these bugs are mutual exclusive.
(0002104)
peter-endian (administrator)
2009-04-06 15:46

header_access Via deny localhost

does solve this issue but re-introduces 0001083
(0002109)
peter-endian (administrator)
2009-04-07 13:56

seems that there is no way around patching squid in the following way:

the loop prevention checks the via header if there is the local hostname twice. connections which come from dansguardian or havp always come from localhost. If they come from localhost, the loop is legitime.

The patch should add a "%s-local" to the hostname, whenever the connection comes from localhost.

That should fix both problems
(0002472)
peter-endian (administrator)
2009-06-05 18:08

adding %s-local is not possible, because the check is the other way around.
Last squid, recognizes that there is a loop, because the request has a Via header with the first squid's name in it.

The solution is to disable the loop check if the request comes from localhost

- Issue History
Date Modified Username Field Change
2009-02-20 19:51 bonald New Issue
2009-02-20 19:51 bonald Assigned To => simon-endian
2009-02-20 19:56 bonald Note Added: 0001987
2009-02-20 20:23 bonald Note Added: 0001988
2009-02-20 23:48 bonald Note Added: 0001989
2009-02-20 23:48 bonald Note Edited: 0001989
2009-02-20 23:48 bonald Note Edited: 0001989
2009-02-20 23:49 bonald Note Edited: 0001987
2009-02-27 02:04 bonald Note Added: 0002003
2009-04-02 19:53 peter-endian Relationship added related to 0001083
2009-04-02 19:54 peter-endian Note Added: 0002097
2009-04-06 15:46 peter-endian Note Added: 0002104
2009-04-07 13:56 peter-endian Note Added: 0002109
2009-04-07 13:57 peter-endian Assigned To simon-endian => peter-endian
2009-05-27 10:17 peter-endian Target Version => 2.3
2009-06-05 18:08 peter-endian Note Added: 0002472
2009-06-05 18:29 peter-endian Status new => resolved
2009-06-05 18:29 peter-endian Fixed in Version => 2.3
2009-06-05 18:29 peter-endian Resolution open => fixed
2009-10-27 12:00 peter-endian Status resolved => closed

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker