You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Faysal Banna (JIRA)" <ji...@apache.org> on 2015/05/25 21:36:17 UTC

[jira] [Created] (TS-3636) Parent Proxy Forward mode ts-full

Faysal Banna created TS-3636:
--------------------------------

             Summary: Parent Proxy Forward mode ts-full
                 Key: TS-3636
                 URL: https://issues.apache.org/jira/browse/TS-3636
             Project: Traffic Server
          Issue Type: Bug
          Components: Parent Proxy, TProxy
            Reporter: Faysal Banna
            Assignee: Alan M. Carroll


Hello Guys.
today i stumbled upon an issue with parent proxy, and let me describe when going on.
i have my cache working in forward proxy mode tr-full

proxy.config.reverse_proxy.enabled 0
proxy.config.url_remap.remap_required 0
proxy.config.http.server_ports 8080:tr-full:tr-pass 8099

and in parent.config i have 
url_regex=".*distrowatch" parent="77.75.92.61:8080"

now if i do 
export http_proxy=127.0.0.1:8099
wget 'http://distrowatch.com'  --delete-after 

i can see that the request was proxied to the parent cache in squid.log as shown below:

1432569647.049 823 127.0.0.1 TCP_REFRESH_MISS/200 157668 GET http://distrowatch.com/ - PARENT_HIT/77.75.92.61 text/html

yet if i go as a client forwarded to the server from my laptop 
i issue 
wget --delete-after 'http://distrowatch.com'
i get in squid.log
1432570157.718 62805 77.75.88.82 TCP_REFRESH_MISS/200 157598 GET http://distrowatch.com/ - DIRECT/distrowatch.com text/html

i checked tcpdump on the interface between both caches and i had a result that ATS was sending parent proxies with origin ip addresses same as the client ip addresses .
so i did a source-nat (SNAT) via iptables firewall on the interface itself and originated traffic as if originated from ATS itself 

in diags.log i could always see
http parent proxy 77.75.92.61:8080 marked down

in my believe parent proxy should not get client address unless asked for. since it should always reply to the ATS server so it should get ATS ip address and not client ip address regardless of being TProxied or not.

unless someone can create some variable to enable disable such feature when contacting parent proxies.

Regards 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)