[squid-users] Another "Forwarding loop detected" issue

Nick Howitt nick at howitts.co.uk
Tue Nov 5 11:07:32 UTC 2019 


On 05/11/2019 10:44, Amos Jeffries wrote:
> On 5/11/19 10:40 pm, Nick Howitt wrote:
>> I am trying to help someone who is running squid-3.5.20-12 on a
>> standalone server with the dansguardian content filter and suddenly
>> recently has been getting a lot of messages like:
>>
>>     2019/10/31 13:48:14 kid1| WARNING: Forwarding loop detected for:
>>     HEAD / HTTP/1.0
>>     Via: 1.0 HSFilterHyperos7.haftr.local (squid/3.5.20)
>>     Cache-Control: max-age=259200
>>     Connection: keep-alive
>>     X-Forwarded-For: 10.10.1.2
>>     Host: 10.10.1.2:8080
>>
>>
>> The access log looks something like:
>>
>>     1572545946.383 120000 10.10.1.2 TCP_MISS_ABORTED/000 0 HEAD
>>     http://10.10.1.2:8080/ - HIER_DIRECT/10.10.1.2 -
>>     1572545946.477 120000 10.10.1.2 TCP_MISS_ABORTED/000 0 HEAD
>>     http://10.10.1.2:8080/ - HIER_DIRECT/10.10.1.2 -
>>     1572545946.493 120000 10.10.1.2 TCP_MISS_ABORTED/000 0 HEAD
>>     http://10.10.1.2:8080/ - HIER_DIRECT/10.10.1.2 -
>>
>> (but these are for different transactions - they are all the same apart
>> from the timestamps)
>>
> That is what a forwarding loop looks like in the access.log.
>
>
>> The content filter listens on port 8080 and squid on 3128. The machine
>> is on 10.10.1.2
>>
>> All the other posts I've seen seem to be for transparent mode or where
>> there is a User Agent string. I have found nothing to cover this
>> scenario. How can I troubleshoot to fix it and what information do you
>> need from me to help diagnose?
>>
> Something is telling Squid the origin server being contacted exists at
> 10.10.1.2:8080. You can see that in the Host header of the message.
>
> I would trace the traffic flow from the client to Squid.
>
But isn't everything coming to 8080 as that is the proxy you'd set up in 
the browser? I'm afraid I don't understand how proxying works at the 
packet level. I see nothing before these messages to indicate the 
packets are coming from elsewhere. A cut down startup log looks like:

    <snip>
    2019/10/31 13:47:40 kid1| helperOpenServers: Starting 5/5
    'ext_unix_group_acl' processes
    2019/10/31 13:47:40 kid1| HTCP Disabled.
    2019/10/31 13:47:40 kid1| Finished loading MIME types and icons.
    2019/10/31 13:47:40 kid1| Accepting HTTP Socket connections at
    local=[::1]:3128 remote=[::] FD 2021 flags=9
    2019/10/31 13:47:40 kid1| Accepting HTTP Socket connections at
    local=127.0.0.1:3128 remote=[::] FD 2022 flags=9
    2019/10/31 13:47:40 kid1| Accepting HTTP Socket connections at
    local=10.10.1.2:3128 remote=[::] FD 2023 flags=9
    2019/10/31 13:48:12 kid1| WARNING: Forwarding loop detected for:
    HEAD / HTTP/1.0
    Via: 1.0 HSFilterHyperos7.haftr.local (squid/3.5.20)
    Cache-Control: max-age=259200
    Connection: keep-alive
    X-Forwarded-For: 10.10.1.2
    Host: 10.10.1.2:8080


    2019/10/31 13:48:14 kid1| WARNING: Forwarding loop detected for:
    HEAD / HTTP/1.0
    Via: 1.0 HSFilterHyperos7.haftr.local (squid/3.5.20)
    Cache-Control: max-age=259200
    Connection: keep-alive
    X-Forwarded-For: 10.10.1.2
    Host: 10.10.1.2:8080


Is there anything I can look for in my logs or do I need to do some sort 
of tcpdump with some filters?

Thanks,

Nick

More information about the squid-users mailing list