[squid-users] 301 Error in squid -> followed by 302
Amos Jeffries
squid3 at treenet.co.nz
Tue Sep 30 14:28:53 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 1/10/2014 3:00 a.m., Mr C K wrote:
> Hmm, i see the problem but if i not use squid it works, i tried
> squid in all different ways.
>
> http_port 3128 http_port 3128 accell http_port 3128 intercept
>
> not tproxy since i use FreeBSD.
>
> Could it be since i'm running parent and siblings ?
>
> Thank you anyway - but if you know more feed me if you want. :)
>
Using the squidclient tool to try and replicate the problem here I see
that http://www.hotmail.com/ redirects with a 301 as you describe.
But it redirects to https://mail.live.com/default.aspx.
* if you are intercepting the traffic that URL should not be going
through your Squid at all since you are not doing HTTPS interception.
* if your browser is configured to use the proxy explicitly it should
be going through Squid as a "CONNECT mail.live.com:443" request. Which
gets tunneled directly to the mail.live.com server.
If the browser does not deliver one or more of several Cookie headers
correctly the HTTPS request to mail.live.com redirects with 302 to
https://login.live.com/login.srf?wa=... which in turn asks for
credentials.
Not having a hotmail account I stop tracing at that point.
I have one suspicion...
do you have the Squid directive balance_on_multiple_ip configured to
ON ?
The hotmail security system used to (maybe still?) require all
inbound connections from one client to be using a single identical IP
address contacting a single server at the hotmail end of things. The
balance_on_multiple_ip directive forces Squid to break that assumption
and use a different origin server on every single request.
Amos
> 2014-09-30 15:48 GMT+02:00 Amos Jeffries: On 1/10/2014 1:45 a.m.,
> Mr C K wrote:
>>>> When i use squid and get headers like,
>>>>
>>>> HTTP/1.1 301 Moved Permanently Location:
>>>> http://www.hotmail.com/
>>>>
>>>> squid ends up in a endless loop.
>
> Not Squid.
>
>>>>
>>>> ERR_TOO_MANY_REDIRECTS
>
> This is a Chrome web browser error.
>
>>>>
>>>> Some say to use u url_rewriter or location_rewrite, but how
>>>> and where to read more about this.
>>>>
>>>> or is it that simple that squid can't handle this type of
>>>> redirect?
>
> There is nothing to "handle" here.
>
> 1a) Squid takes some request from the client and passes it to the
> server, which responds with 301. 1b) Squid takes the 301 and
> delivers it to the client.
>
> 2a) Squid takes client followup request for the new Location URL
> and passes it to the server, which responds with 302 pointing back
> to the first URL. 2b) Squid takes the 302 and delivers it to the
> client.
>
> 3a) goto 1a.
>
>
> See the problem?
>
>
> Amos
>
>> _______________________________________________ squid-users
>> mailing list squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUKr4kAAoJELJo5wb/XPRjdu0H/0zz+InLdijPGj3q6hqBmVJS
aJNe8TGCYUpeNbjfqv6eK8xmvzo0clwHy3GBMwwb9oOBeEwnCb8uMX+wYMg9t34R
ZVrVJ6zjNHUKJru2+W/1NGVLGm9JmLQmTIlwGZK/RrSsVQgHCapRA8RXiFa/l1gf
iHTyS2mwOc+MXg+jjCh/fRLAJBLOpDwc57AmMdh/T5N97yLnFrQy3O2iDnYN8RS6
vTrmQxmo9bt//s2PktxpqpAzOHFrZRA1jmSf+dD4qtyYwkmrF1a1SaguQD8IuU3n
o11+JBCxf51hfFWfnYMXl+H+2VSwzqeBdGkho5L7n81SUG1lKtwXmKP6p6xR1qw=
=4BdT
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list