You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Alan M. Carroll (JIRA)" <ji...@apache.org> on 2015/12/16 01:36:46 UTC

[jira] [Updated] (TS-3636) Parent Proxy Forward mode ts-full

     [ https://issues.apache.org/jira/browse/TS-3636?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alan M. Carroll updated TS-3636:
--------------------------------
    Fix Version/s:     (was: 6.1.0)
                   6.2.0

> Parent Proxy Forward mode ts-full
> ---------------------------------
>
>                 Key: TS-3636
>                 URL: https://issues.apache.org/jira/browse/TS-3636
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Parent Proxy, TProxy
>            Reporter: Faysal Banna
>            Assignee: Alan M. Carroll
>             Fix For: 6.2.0
>
>
> Hello Guys.
> today i stumbled upon an issue with parent proxy, and let me describe what is going on.
> i have my cache working in forward proxy mode tr-full
> proxy.config.reverse_proxy.enabled 0
> proxy.config.url_remap.remap_required 0
> proxy.config.http.server_ports 8080:tr-full:tr-pass 8099
> and in parent.config i have 
> url_regex=".*distrowatch" parent="77.75.92.61:8080"
> now if i do 
> export http_proxy=127.0.0.1:8099
> wget 'http://distrowatch.com'  --delete-after 
> i can see that the request was proxied to the parent cache in squid.log as shown below:
> 1432569647.049 823 127.0.0.1 TCP_REFRESH_MISS/200 157668 GET http://distrowatch.com/ - PARENT_HIT/77.75.92.61 text/html
> yet if i go as a client forwarded to the server from my laptop 
> i issue 
> wget --delete-after 'http://distrowatch.com'
> i get in squid.log
> 1432570157.718 62805 77.75.88.82 TCP_REFRESH_MISS/200 157598 GET http://distrowatch.com/ - DIRECT/distrowatch.com text/html
> i checked tcpdump on the interface between both caches and i had a result that ATS was sending parent proxies with origin ip addresses same as the client ip addresses .
> so i did a source-nat (SNAT) via iptables firewall on the interface itself and originated traffic as if originated from ATS itself 
> in diags.log i could always see
> http parent proxy 77.75.92.61:8080 marked down
> in my believe parent proxy should not get client address unless asked for. since it should always reply to the ATS server so it should get ATS ip address and not client ip address regardless of being TProxied or not.
> unless someone can create some variable to enable disable such feature when contacting parent proxies.
> Regards 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)