[squid-users] Google Chrome reports "Too many redirects" on ssl-dumped connections with LA Times News Website
Amos Jeffries
squid3 at treenet.co.nz
Fri Nov 3 07:38:26 UTC 2017
On 03/11/17 19:45, Jeffrey Merkey wrote:
> This error is extremely hard to reproduce, and I found it can be
> cleared by restarting squid, which seems to make it go away. It
> seems to take several hours of non-stop proxy use then once the error
> occurs the we browser reports "too many redirects" and certificate
> errors.
>
> Doing a restart on Centos 7 clears it:
>
> # systemctl restart squid
>
> The log shows some sort of "refresh unmodified state before it happens:
>
> 1509690588.252 167 127.0.0.1 TAG_NONE/200 0 CONNECT
> events.bouncex.net:443 - HIER_DIRECT/35.190.62.200 -
> 1509690588.272 210 127.0.0.1 TAG_NONE/200 0 CONNECT
> analytics.twitter.com:443 - HIER_DIRECT/199.59.149.200 -
> 1509690588.280 62 127.0.0.1 TCP_REFRESH_UNMODIFIED/200 38412 GET
> http://www.latimes.com/nation/la-na-vegas-shooting-sheriff-20171102-story.html
> - HIER_DIRECT/104.120.143.198 text/html <================== error
> is here
This is a 200 status response. So whatever "redirection" is occuring is
not part of the HTTP for that transaction.
The refresh means that something was cached beforehand but was stale so
the server had to be asked for permission to deliver it. UNMODIFIED
means the server responded by indicating it was okay to use.
> 1509690588.356 220 127.0.0.1 TCP_MISS/200 960 GET
> https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/34.228.123.38
> text/xml
> 1509690588.366 304 127.0.0.1 TAG_NONE/200 0 CONNECT
> geo.moatads.com:443 - HIER_DIRECT/52.21.172.68 -
> 1509690588.374 303 127.0.0.1 TAG_NONE/200 0 CONNECT
> rtr.innovid.com:443 - HIER_DIRECT/13.58.208.14 -
> 1509690588.377 33 127.0.0.1 TCP_MISS/200 498 GET
> https://tribpubdfp745347008913.s.moatpixel.com/pixel.gif? - HIER_
>
> If there are particulars and I attempt to recreate this problem are
> there any specific logging parms or settings that would help you
> understand this particular error or shed some light on it that I could
> set on my end.
The tool at redbot.org shows the HTTP protocol and all the content at
that refreshed URL is all relatively normal. Some Vary issues, but that
should not be leading to redirect loops.
Since the error is showing up in the browser and not easily visible in
the server traffic I think the best place to look would be to debug what
the browser is doing exactly. It probably has something to do with how
it handles those cert errors (ie TLS-Everywhere misfeatures always
trying to do broken https:// when http:// works fine).
Also, which Squid version are you using may matter. You didn't say which.
Amos
More information about the squid-users
mailing list