[squid-users] flickr.com redirect error

Ozgur Batur ozgurbtr at gmail.com
Mon Jun 27 15:01:38 UTC 2016


Browser i used to test runs on same machine with squid,  i changed it to
explicit mode(no intercept - I set proxy ip in browser) during my attempts
for ssl interception. Sorry I forgot to mention that in my last post of
logs. So xff localhost is normal I guess. Here is the request log with
 port info:

----------

2016/06/27 15:49:40.909 kid1| 11,2| http.cc(2234) sendRequest: HTTP Server
local=10.100.136.56:47772 remote=188.125.93.100:443 FD 47 flags=1

2016/06/27 15:49:40.909 kid1| 11,2| http.cc(2235) sendRequest: HTTP Server
REQUEST:

---------

GET / HTTP/1.1

Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Ubuntu Chromium/50.0.2661.102 Chrome/50.0.2661.102 Safari/537.36

Accept-Encoding: gzip, deflate, sdch

Accept-Language: tr,en-US;q=0.8,en;q=0.6

..

Host: www.flickr.com

Via: 1.1 ubuntuozgen (squid/3.5.19)

Surrogate-Capability: ubuntuozgen="Surrogate/1.0 ESI/1.0"

X-Forwarded-For: ::1

Cache-Control: max-age=259200

Connection: keep-alive


On Mon, Jun 27, 2016 at 2:27 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 27/06/2016 11:01 p.m., Ozgur Batur wrote:
> > Yes that is much easier, thank you.
> >
> > Rafaels line is response header, I received the same. Here is the related
> > cachelog:
> >
>
> What is the content of the line above this one. With the IP:port details ?
>
> > 2016/06/27 13:52:49.194 kid1| 11,2| http.cc(2235) sendRequest: HTTP
> Server
> > REQUEST:
> > GET / HTTP/1.1
> > Accept:
> >
> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
> > Upgrade-Insecure-Requests: 1
> > User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
> like
> > Gecko) Ubuntu Chromium/50.0.2661.102 Chrome/50.0.2661.102 Safari/537.36
> > Accept-Encoding: gzip, deflate, sdch
> > Accept-Language: tr,en-US;q=0.8,en;q=0.6
> > ...
> > Host: www.flickr.com
> > Via: 1.1 ubuntuozgen (squid/3.5.19)
> > Surrogate-Capability: ubuntuozgen="Surrogate/1.0 ESI/1.0"
> > X-Forwarded-For: ::1
>
> You said this was using interception. But Squid XFF is telling Yahoo
> that its receiving localhost traffic.
>
> Try "forwarded_for transparent" in your squid.conf, and find out why
> that ::1 is happening on an intercepted proxy. There may be a bug in
> your NAT or routing configuration.
>
>
> > Cache-Control: max-age=0
> > Connection: keep-alive
> >
> > ..
> > 2016/06/27 13:52:49.477 kid1| 11,2| http.cc(751) processReplyHeader: HTTP
> > Server REPLY:
> > ---------
> > HTTP/1.1 301 Moved Permanently
> > X-Frame-Options: SAMEORIGIN
> > X-Content-Type-Options: nosniff
> > X-XSS-Protection: 1; mode=block
> > X-Served-By: pprd1-node552-lh1.manhattan.bf1.yahoo.com
> > X-Instance: flickr.v1.production.manhattan.bf1.yahoo.com
> > Cache-Control: no-cache, max-age=0, must-revalidate, no-store
> > Pragma: no-cache
> > X-Request-Id: 36e709a2
> > Location: https://www.flickr.com/
> > Vary: Accept
> > Content-Type: text/html; charset=utf-8
> > Content-Length: 102
> > Server: ATS
> > Date: Mon, 27 Jun 2016 10:52:40 GMT
> > Age: 0
> > Via: http/1.1 fts111.flickr.bf1.yahoo.com (ApacheTrafficServer [cMs f
> ]),
> > http/1.1 r11.ycpi.dea.yahoo.net (ApacheTrafficServer [cMs f ])
> > Connection: keep-alive
> > ..
> >
> > And this repeats on and on. As I understand disabling Via header is an
> > acceptable solution. If I could disable the header only for problematic
> > domains that would be better of course.
>
> Okay. Unfortunately not possible. If that forwarded_for change works it
> would be better than disabling Via.
>
> Amos
>
>


-- 
H Özgür Batur
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160627/61131063/attachment-0001.html>


More information about the squid-users mailing list