[squid-users] ACL matching incoherent in "tcp_outgoing_address" from pribeiro-squid@dont-contact.us on 2003-12-19 (squid-users)

From: <pribeiro-squid@dont-contact.us>
Date: Fri, 19 Dec 2003 12:21:19 +0000

I'm using the fallowing segment of configuration in our "squid.conf" to
archive some spreading across several IP's to minimize some limitations
imposed by some sites by IP address (traffic, simultaneous access,
etc)

acl outaddr1 src 0.0.0.0/0.0.0.3
acl outaddr2 src 0.0.0.1/0.0.0.3
acl outaddr3 src 0.0.0.2/0.0.0.3
acl outaddr4 src 0.0.0.3/0.0.0.3
tcp_outgoing_address 193.137.237.76 outaddr1
tcp_outgoing_address 193.137.237.77 outaddr2
tcp_outgoing_address 193.137.237.78 outaddr3
tcp_outgoing_address 193.137.237.79 outaddr4
tcp_outgoing_address 193.137.237.3 all

The problem is this configuration broke the IP based
authentication of some sites because for some reason unknown to me
sometimes consecutive accesses from the same internal IP gets
different addresses in the access from the proxy to the site ...

I'm I doing something wrong ?
Is this a squid "bug" ?

(Using squid2.5stable4 under Linux 2.4.22)

------------------ ngrep "dump" of a broken access --------------------

T 193.137.237.78:57432 -> 193.126.240.145:80 [AP]
  POST /login.msc HTTP/1.0..Accept: */*..Referer: http://www.iol.pt/..Accept-Language: pt..Conte
  nt-Type: application/x-www-form-urlencoded..User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win
  dows NT 5.1; .NET CLR 1.1.4322)..Host: webmail.iol.pt..Content-Length: 35..Pragma: no-cache..V
  ia: 1.0 proxy2.net.ipl.pt:3128 (squid/2.5.STABLE4-20031012)..X-Forwarded-For: 10.79.17.50..Cac
  he-Control: max-age=216000..Connection: keep-alive....

T 193.137.237.77:56888 -> 193.126.240.145:80 [AP]
  GET /pt/mail.html?sid=xxxxxxx+c&lang=pt&cert=false HTTP/1.0..Accept: */*..Referer: http://ww
  w.iol.pt/..Accept-Language: pt..User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
   .NET CLR 1.1.4322)..Host: webmail.iol.pt..Pragma: no-cache..Via: 1.0 proxy2.net.ipl.pt:3128 (
  squid/2.5.STABLE4-20031012)..X-Forwarded-For: 10.79.17.50..Cache-Control: max-age=216000..Conn
  ection: keep-alive....

-- 
Best regards,
[]-------------------------------------------------------------[]
  Pedro Ribeiro                                        
  Online: http://www.isel.ipl.pt/~pribeiro/
  IRC(PTnet) Nick: PAntMaR
  e-Mail: Spamm: trap@net.ipl.pt
               Personal: pribeiro@net.ipl.pt
               IPLNet/ISELNet Admin: helpdesk@net.ipl.pt
  Tel: Internal Ext.1610
  Tel: +351-218317032 / Fax: +351-218317191
[]-------------------------------------------------------------[]

Received on Fri Dec 19 2003 - 05:21:23 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:17 MST