Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
Description
Hello Guys.
today i stumbled upon an issue with parent proxy, and let me describe what is going on.
i have my cache working in forward proxy mode tr-full
proxy.config.reverse_proxy.enabled 0
proxy.config.url_remap.remap_required 0
proxy.config.http.server_ports 8080:tr-full:tr-pass 8099
and in parent.config i have
url_regex=".*distrowatch" parent="77.75.92.61:8080"
now if i do
export http_proxy=127.0.0.1:8099
wget 'http://distrowatch.com' --delete-after
i can see that the request was proxied to the parent cache in squid.log as shown below:
1432569647.049 823 127.0.0.1 TCP_REFRESH_MISS/200 157668 GET http://distrowatch.com/ - PARENT_HIT/77.75.92.61 text/html
yet if i go as a client forwarded to the server from my laptop
i issue
wget --delete-after 'http://distrowatch.com'
i get in squid.log
1432570157.718 62805 77.75.88.82 TCP_REFRESH_MISS/200 157598 GET http://distrowatch.com/ - DIRECT/distrowatch.com text/html
i checked tcpdump on the interface between both caches and i had a result that ATS was sending parent proxies with origin ip addresses same as the client ip addresses .
so i did a source-nat (SNAT) via iptables firewall on the interface itself and originated traffic as if originated from ATS itself
in diags.log i could always see
http parent proxy 77.75.92.61:8080 marked down
in my believe parent proxy should not get client address unless asked for. since it should always reply to the ATS server so it should get ATS ip address and not client ip address regardless of being TProxied or not.
unless someone can create some variable to enable disable such feature when contacting parent proxies.
Regards