Squid Opens Connections to Self

From: Jeff Madison <jeff@dont-contact.us>
Date: Wed, 17 Jun 1998 12:08:58 -0600

I'm sorry if this has been asked before but I did not see it in the
archives. I'm running squid 1.1.21 on Solaris x86 2.6. We are using it to
do transparent caching with an Alteon ace 180 switch that directs all http
traffic to the server. We are using ip-filter to do the traffic redirection
on the server. I'm seeing something very strange where squid appears to
open a ton of connections to itself and bog down and die. Included are
the changes I made to the squid.conf file and some log data. Any help would be
appreciated. The server only has 1 nic and ip-filter takes any traffic on
the nic destined for port 80 and redirects it to the address of the nic and
port 80.

Here are the changes made to the default conf file

#Port number where squid will listen for HTTP client requests.
http_port 80

#Turn logging to its lowest level
debug_options ALL,1

#defines a group (or Access Control List) that includes all IP
#addresses.
#If you want to restrict access to your cache, do that here.
#See the squid.conf.default file for more hints on configuring acls.
acl all src 0.0.0.0/0.0.0.0

#allow all sites to connect to us via HTTP
http_access allow all

#test the following sites to check that we are connected
dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu

#run as the squid user
#You may want to create your own "squid" user and "squid" group if you
#so wish. Make that change here.
cache_effective_user squid squid

#We are running squid as a virtual httpd accelerator, since we need
#transparent proxy, ie we are fooling the web clients into thinking
#that we are a web server, and not a cache server. This is because
#HTTP web requests and HTTP proxy requests are different.
#You should understand what this means before configuring squid.
httpd_accel virtual 80

#Using squid as both a httpd accelerator *and* a proxy.
httpd_accel_with_proxy on

#Squid looks at the Host: header included in HTTP/1.1 requests
#(and by some HTTP/1.0 compatible browsers) in order to enable
#transparent proxying. Squid does not check the value of the Host:
#header, so this is a security hole that you should be aware of!!
#This hole could be shrunk by limiting access to squid using ACLs.
httpd_accel_uses_host_header on

The address of the squid server is 209.210.176.33
The first request appears to be sourced from 209.210.178.153 (a dial-in
customer). The following requests are sourced from the server itself.
There is no web server running with squid.

898044840.206 899782 209.210.178.153 ERR_READ_TIMEOUT/400 869 GET http://209.210.176.33/adventure/cyphersender/getmessage.asp - DIRECT/209.210.176.33 -
898044840.207 899439 209.210.176.33 ERR_READ_TIMEOUT/400 869 GET http://209.210.176.33/adventure/cyphersender/getmessage.asp - DIRECT/209.210.176.33 -
898044840.207 899500 209.210.176.33 ERR_READ_TIMEOUT/400 869 GET http://209.210.176.33/adventure/cyphersender/getmessage.asp - DIRECT/209.210.176.33 -
898044840.208 899516 209.210.176.33 ERR_READ_TIMEOUT/400 869 GET http://209.210.176.33/adventure/cyphersender/getmessage.asp - DIRECT/209.210.176.33 -
898044840.208 899514 209.210.176.33 ERR_READ_TIMEOUT/400 869 GET http://209.210.176.33/adventure/cyphersender/getmessage.asp - DIRECT/209.210.176.33 -
898044840.209 899513 209.210.176.33 ERR_READ_TIMEOUT/400 869 GET http://209.210.176.33/adventure/cyphersender/getmessage.asp - DIRECT/209.210.176.33 -
898044840.210 899511 209.210.176.33 ERR_READ_TIMEOUT/400 869 GET http://209.210.176.33/adventure/cyphersender/getmessage.asp - DIRECT/209.210.176.33 -
898044840.211 899501 209.210.176.33 ERR_READ_TIMEOUT/400 869 GET http://209.210.176.33/adventure/cyphersender/getmessage.asp - DIRECT/209.210.176.33 -
898044840.211 899499 209.210.176.33 ERR_READ_TIMEOUT/400 869 GET http://209.210.176.33/adventure/cyphersender/getmessage.asp - DIRECT/209.210.176.33 -
898044840.212 899497 209.210.176.33 ERR_READ_TIMEOUT/400 869 GET http://209.210.176.33/adventure/cyphersender/getmessage.asp - DIRECT/209.210.176.33 -

This goes on for some time. A netstat -a shows that the server is opening
thousands of connections to itself, all generated, I assume, from this
single error.

Jeff Madison
Systems Engineer
(801)924-0900 x 101
Received on Wed Jun 17 1998 - 11:10:48 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:40:43 MST
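The log excerpt above shows the classic transparent-proxy self-loop: an outside client asks for a URL whose host is the proxy's own address, Squid fetches it DIRECT from that address, the interception rule redirects that fetch back into Squid, and the cycle repeats until the box runs out of connections. The following Python script is an added example (not the poster's code, and not part of the Squid project): it parses Squid native access.log lines, flags the seeding request and the self-loop entries, and models an interception rule with and without an exclusion for the proxy's own outbound traffic. The first three sample lines are the post's own (re-joined), the fourth is constructed for contrast; the classification heuristic and the redirect-rule model are assumptions about the root cause that are consistent with the symptom described, not a statement of the poster's actual ip-filter configuration.

```python
"""Spot transparent-proxy self-loops in Squid native access.log lines."""
import re
from collections import Counter

# Field layout of the Squid 1.x native access.log format used in the post:
# timestamp elapsed client result/status bytes method URL ident hierarchy/host type
LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)

PROXY_ADDR = "209.210.176.33"  # the proxy's own address, taken from the post

# Lines 1-3 are from the post (re-joined onto one line each); line 4 is a
# constructed, ordinary cache miss to a documentation-range peer address.
SAMPLE_LOG = """\
898044840.206 899782 209.210.178.153 ERR_READ_TIMEOUT/400 869 GET http://209.210.176.33/adventure/cyphersender/getmessage.asp - DIRECT/209.210.176.33 -
898044840.207 899439 209.210.176.33 ERR_READ_TIMEOUT/400 869 GET http://209.210.176.33/adventure/cyphersender/getmessage.asp - DIRECT/209.210.176.33 -
898044840.207 899500 209.210.176.33 ERR_READ_TIMEOUT/400 869 GET http://209.210.176.33/adventure/cyphersender/getmessage.asp - DIRECT/209.210.176.33 -
898044841.000 312 209.210.178.154 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
"""


def parse_line(line):
    """Parse one native-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["elapsed"] = int(rec["elapsed"])
    rec["status"] = int(rec["status"])
    return rec


def url_host(url):
    """Host part of an absolute URL, without scheme, port or path."""
    m = re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://([^/:?#]+)", url)
    return m.group(1) if m else None


def classify(rec, proxy_addr):
    """
    'seed'  : an outside client requested the proxy's own address, which the
              proxy then fetches DIRECT from itself (the loop's first hop);
    'loop'  : the proxy is both the client and the DIRECT peer;
    'normal': anything else.
    """
    if rec["client"] == proxy_addr and rec["peer"] == proxy_addr:
        return "loop"
    if rec["client"] != proxy_addr and url_host(rec["url"]) == proxy_addr:
        return "seed"
    return "normal"


def analyse(log_text, proxy_addr):
    """Summarise a log: per-class counts, looping URLs, and clients that seeded a loop."""
    counts = Counter()
    loop_urls = Counter()
    seed_clients = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            counts["unparsed"] += 1
            continue
        kind = classify(rec, proxy_addr)
        counts[kind] += 1
        if kind == "loop":
            loop_urls[rec["url"]] += 1
        elif kind == "seed":
            seed_clients.add(rec["client"])
    return {"counts": dict(counts), "loop_urls": dict(loop_urls),
            "seed_clients": sorted(seed_clients)}


def redirect_would_capture(src, dst, dport, proxy_addr, exclude_proxy_source):
    """
    Model of a port-80 interception rule (an assumption about the root cause,
    not the poster's actual ip-filter rule). Without an exclusion for packets
    sourced by the proxy itself, the proxy's own outbound fetch to dst:80 is
    redirected straight back into the proxy, which is the loop.
    """
    if dport != 80:
        return False
    if exclude_proxy_source and src == proxy_addr:
        return False
    return True


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG, PROXY_ADDR))
    print("naive rule captures the proxy's own fetch:",
          redirect_would_capture(PROXY_ADDR, PROXY_ADDR, 80, PROXY_ADDR, False))
    print("rule with source exclusion captures it:",
          redirect_would_capture(PROXY_ADDR, PROXY_ADDR, 80, PROXY_ADDR, True))
```

Run against a real access.log by replacing SAMPLE_LOG with the file contents and PROXY_ADDR with the cache's address; a non-zero "loop" count alongside a small "seed" count is the signature to look for, and the seed client and URL tell you which request started the cycle.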