[squid-users] X-Forwarded-For breaks a site

Andrea Venturoli ml at netfence.it
Mon Jan 30 11:09:34 UTC 2017


Hello.

I've been invited to visit a web site and I couldn't see it.
Bypassing squid would solve the problem, so I did some research 
and saw that adding "forwarded_for transparent" to my config would do.

I'm wondering what the reason might be...

tcpdump showed that:
1) initial connection to http://www.xxxxxxx.com yields a 302 redirect to 
http://www.xxxxxxx.com/md;
2) so a second request goes out to http://www.xxxxxxx.com/md and yields a 
301, again redirecting to http://www.xxxxxxx.com/md/ (notice the last slash);
3) finally a request goes out for http://www.xxxxxxx.com/md/ and here's 
where a difference arises between a direct connection and one through 
Squid (without "forwarded_for transparent").

The answer to a direct connection (or to Squid with "forwarded_for 
transparent") is:
> HTTP/1.1 303 See other
> Date: Mon, 30 Jan 2017 09:56:18 GMT
> Server: Apache
> X-Powered-By: PHP/5.3.29
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
> Pragma: no-cache
> Set-Cookie: PHPSESSID=wwwwwwwwwww; path=/
> Set-Cookie: yyyyyyyyyyyyyy=zzzzzzzzzzzzz; path=/; HttpOnly
> Location: http://www.xxxxxxx.com/md/it/
> Content-Length: 0
> Connection: close
> Content-Type: text/html; charset=utf-8

The answer to Squid without "forwarded_for transparent" is:
> HTTP/1.1 200 OK
> Date: Mon, 30 Jan 2017 09:33:51 GMT
> Server: Apache
> X-Powered-By: PHP/5.3.29
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
> Pragma: no-cache
> Set-Cookie: PHPSESSID=vvvvvvvvvvvvvvvvvvvvvv; path=/
> Content-Length: 0
> Keep-Alive: timeout=15, max=98
> Connection: Keep-Alive
> Content-Type: text/html


The site is a commercial one and, although it features a reserved area, I 
don't see any point in losing visibility to corporate users.
Also the webserver belongs to a famous ISP which should also host 
thousands of other sites, so I guess it should have nothing fancy.



Can anyone shed some light on this behaviour?
Is this Squid's fault (I don't think so, but I'll just ask)?
Is this a known bug in some version of Apache or PHP or whatever?
Is it dangerous to keep "forwarded_for transparent" in my config?



  bye & Thanks
	av.
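
One way to pin down what the origin changed between the two captures above, as an added example that is not part of the original post: it parses the two quoted response heads and reports only the fields that differ, skipping Date and comparing cookies by name and attributes rather than by session value. The function and variable names are hypothetical.

```python
from collections import defaultdict

# Response heads as quoted in the post; headers identical in both captures are
# omitted here and the cookie values are the poster's own redactions.
DIRECT = """HTTP/1.1 303 See other
Date: Mon, 30 Jan 2017 09:56:18 GMT
Set-Cookie: PHPSESSID=wwwwwwwwwww; path=/
Set-Cookie: yyyyyyyyyyyyyy=zzzzzzzzzzzzz; path=/; HttpOnly
Location: http://www.xxxxxxx.com/md/it/
Connection: close
Content-Type: text/html; charset=utf-8
"""
VIA_SQUID = """HTTP/1.1 200 OK
Date: Mon, 30 Jan 2017 09:33:51 GMT
Set-Cookie: PHPSESSID=vvvvvvvvvvvvvvvvvvvvvv; path=/
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Content-Type: text/html
"""
VOLATILE = {"date"}  # assumption: changes on every request, not a real difference

def parse_head(raw):
    """Return (status_code, {lowercased header name: [values in order]})."""
    lines = [l.strip() for l in raw.strip().splitlines() if l.strip()]
    status = int(lines[0].split()[1])
    headers = defaultdict(list)
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "set-cookie":
            # Keep the cookie name and its attributes, drop the per-session value.
            first, *attrs = [p.strip() for p in value.split(";")]
            value = "; ".join([first.split("=", 1)[0]] + attrs)
        headers[name].append(value)
    return status, dict(headers)

def diff_heads(a, b):
    """Map each differing field to (value in a, value in b); None means absent."""
    (sa, ha), (sb, hb) = parse_head(a), parse_head(b)
    out = {}
    if sa != sb:
        out["status"] = (sa, sb)
    for name in sorted((set(ha) | set(hb)) - VOLATILE):
        if ha.get(name) != hb.get(name):
            out[name] = (ha.get(name), hb.get(name))
    return out

if __name__ == "__main__":
    for field, (direct, proxied) in diff_heads(DIRECT, VIA_SQUID).items():
        print(f"{field}: direct={direct!r} via_squid={proxied!r}")
```

Run on these two captures, the differences are the status code, the missing Location header, the missing second cookie, the Content-Type charset and the connection handling.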

