A forwarding loop is when a request passes through one proxy more than once. You can get a forwarding loop if
a cache forwards requests to itself. This might happen with interception caching (or server acceleration) configurations.
a pair or group of caches forward requests to each other. This can happen when Squid uses ICP, Cache Digests, or the ICMP RTT database to select a next-hop cache.
Forwarding loops are detected by examining the Via request header. Each cache which "touches" a request must add its hostname to the Via header. If a cache notices its own hostname in this header for an incoming request, it knows there is a forwarding loop somewhere.
NOTE: Squid may report a forwarding loop if a request goes through two caches that have the same visible_hostname value. If you want to have multiple machines with the same visible_hostname then you must give each machine a different unique_hostname so that forwarding loops are correctly detected.
When Squid detects a forwarding loop, it is logged to the cache.log file with the recieved Via header. From this header you can determine which cache (the last in the list) forwarded the request to you.
One way to reduce forwarding loops is to change a parent relationship to a sibling relationship.
Another way is to use cache_peer_access rules. For example:
# Our parent caches
cache_peer A.example.com parent 3128 3130
cache_peer B.example.com parent 3128 3130
cache_peer C.example.com parent 3128 3130
# An ACL list
acl PEERS src A.example.com
acl PEERS src B.example.com
acl PEERS src C.example.com
# Prevent forwarding loops
cache_peer_access A.example.com allow !PEERS
cache_peer_access B.example.com allow !PEERS
cache_peer_access C.example.com allow !PEERS
The above configuration instructs squid to NOT forward a request to parents A, B, or C when a request is received from any one of those caches.
Source : http://www.comfsm.fm/computing/squid/FAQ-11.html
My Case
Di my network, ada 2 buah proxy, sebut saja proxy hotspot dan proxy router. Si router sebagai parent proxy. Jika proxy hotspot, di squid.conf, saya tambahkan parent to router proxy, akan ada error message forwarding loop detected. Akibatnya adalah file cache.log di proxy parent, menjadi sangat besar, dan banyak sekali menghabiskan resource router proxy.
WARNING: Forwarding loop detected for:
GET /squid-internal-dynamic/netdb HTTP/1.1
Host: 192.168.10.30:3127
Via: 1.1 Hotspot_Bamboe (squid/3.1.16), 1.1 Router_Bamboe (squid/3.1.19), 1.1 Router_Bamboe (squid/3.1.19), 1.1 Router_Bamboe (squid/3.1.19),
Selama berminggu-minggu, bolak-balik nyari di berbagai forum, dan searching di google. Sudah otak atik konfigurasi, dari ganti unique hostname, install dan remove squid yang baru atau yang lama, disable forwarder, dan macam-macam disable lainnya, konfigurasi shorewall/firewall... dan sebagainya... tapi masih tidak berhasil...
dan at last, berkat artikle diatas, saya coba mendisable icmp, saat configure squid baru di proxy hotspot.
./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --sysconfdir=/etc/squid --datadir=/usr/share/squid --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/lib/squid --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --x-includes=/usr/include --x-libraries=/usr/lib --enable-shared=yes --enable-static=no --enable-xmalloc-statistics --enable-carp --enable-storeio=aufs,ufs --enable-removal-policies=heap,lru --disable-icmp --disable-delay-pools --disable-esi --enable-icap-client --enable-useragent-log --enable-referer-log --disable-wccp --enable-wccpv2 --disable-kill-parent-hack --enable-snmp --enable-cachemgr-hostname=localhost --enable-arp-acl --disable-htcp --disable-forw-via-db --disable-follow-x-forwarded-for --enable-cache-digests --disable-poll --enable-epoll --enable-linux-netfilter --disable-ident-lookups --enable-default-hostsfile=/etc/hosts --with-default-user=squid --with-large-files --enable-mit=/usr --with-logdir=/var/log/squid --enable-http-violations --enable-zph-qos --with-filedescriptors=65536 --enable-gnuregex --enable-async-io=64 --with-aufs-threads=64 --with-pthreads --with-aio --enable-default-err-languages=English --enable-err-languages=English --disable-hostname-checks --enable-underscores
Sedangkan di sisi parent proxy (router proxy), karena proxynya sudah running, di squid.conf ditambahkan :
netdb_filename none
pinger_enable off
Dan it's work... tidak ada lagi warning forward detected yang menjengkelkan itu... :)
Reference :
http://www.comfsm.fm/computing/squid/FAQ-11.html
netdb_filename none
pinger_enable off
query_icmp off
Dan it's work... tidak ada lagi warning forward detected yang menjengkelkan itu... :)
Reference :
http://www.comfsm.fm/computing/squid/FAQ-11.html
Come and see how 1,000's of individuals like YOU are making a LIVING online and are living their dreams TODAY.
ReplyDeleteCLICK HERE TO START TODAY