[squid-users] I am seeing the following in my cache.log
squid3 at treenet.co.nz
Wed Mar 25 02:18:43 UTC 2015
On 25/03/2015 2:05 p.m., Monah Baki wrote:
> Thanks Amos,
> My problem is I only have control over the squid server. I can only
> tell the ISP to take the client offline and run some AntiVirus or
> better reimage the device.
The security problem is that your proxy is receiving over port 80
(*unencrypted* origin server) a request the client apparently sent on
port 443 (encrypted origin server).
This may be caused by the client browser running a script which is
hjacking it. Or somebody between your proxy and the client MITM'ing the
connection and sending decrypted content out over the network in the
clear. Neither is a desirable situation.
> Within 2 hours my cache.log grew to 50MB in size and it was repeating
> the error mentioned over and over again till my squid server started
> complaining about running out of file descriptors, and stopped
Your proxy is configured such that it adds the Via header properly for
However, if there is another proxy stripping away that header and a loop
happens it would directly lead to both the FD exhaustion and the
extremely large amount of log entries (once per loop).
More information about the squid-users