[squid-users] I am seeing the following in my cache.log

Amos Jeffries squid3 at treenet.co.nz
Wed Mar 25 02:18:43 UTC 2015


On 25/03/2015 2:05 p.m., Monah Baki wrote:
> Thanks Amos,
> 
> My problem is I only have control over the squid server. I can only
> tell the ISP to take the client offline and run some AntiVirus or
> better reimage the device.

The security problem is that your proxy is receiving over port 80
(*unencrypted* origin server) a request the client apparently sent on
port 443 (encrypted origin server).

This may be caused by the client browser running a script which is
hijacking it. Or somebody between your proxy and the client MITM'ing the
connection and sending decrypted content out over the network in the
clear. Neither is a desirable situation.

> 
> Within 2 hours my cache.log grew to 50MB in size and it was repeating
> the error mentioned over and over again till my squid server started
> complaining about running out of file descriptors, and stopped
> working.

Your proxy is configured such that it adds the Via header properly for
loop detection.

However, if there is another proxy stripping away that header and a loop
happens it would directly lead to both the FD exhaustion and the
extremely large amount of log entries (once per loop).

Amos
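
The Via-based loop detection described in the reply above, and the way a Via-stripping hop defeats it, as an added example that is not part of the original message or of Squid's code. The proxy names (squid-a, peer-b), the limit of 64 and the "one hop holds one descriptor" model are assumptions made for illustration.

```python
# Constructed simulation of Via loop detection (RFC 7230 section 5.7.1).
# Proxy names and fd_limit are hypothetical; each hop is modelled as one open descriptor.

def via_hosts(via_value):
    """Return the received-by names listed in a Via header value."""
    hosts = []
    for entry in via_value.split(","):
        parts = entry.split("(")[0].split()   # drop a trailing comment such as "(squid/3.5)"
        if len(parts) >= 2:                   # "<protocol-version> <received-by>"
            hosts.append(parts[1].lower())
    return hosts


class Proxy:
    def __init__(self, name, next_hop, strips_via=False):
        self.name = name
        self.next_hop = next_hop              # name of the upstream proxy, None for origin
        self.strips_via = strips_via          # misbehaving hop that removes Via

    def handle(self, headers):
        """Return (loop_detected, headers to send upstream)."""
        out = dict(headers)
        if self.strips_via:
            out.pop("Via", None)              # loop evidence is lost here
            return False, out
        via = out.get("Via", "")
        if self.name.lower() in via_hosts(via):
            return True, out                  # our own name came back: forwarding loop
        mine = "1.1 " + self.name
        out["Via"] = via + ", " + mine if via else mine
        return False, out


def simulate(proxies, start, fd_limit=64):
    """Forward one request through the chain; return (outcome, hops used)."""
    by_name = {p.name: p for p in proxies}
    headers = {"Host": "example.test"}        # constructed request
    current, hops = start, 0
    while hops < fd_limit:
        proxy = by_name[current]
        hops += 1                             # one more descriptor held, one more log line
        looped, headers = proxy.handle(headers)
        if looped:
            return "loop detected", hops
        if proxy.next_hop is None:
            return "delivered", hops
        current = proxy.next_hop
    return "fd exhausted", hops
```

With both hops preserving Via, the loop is caught the first time the request returns to squid-a; with peer-b stripping the header, the request circulates until the descriptor limit is reached.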


