<div dir="ltr"><div>Hello Amos,</div><div><br></div><div>This is the via header sent by my local proxy as part of the request. <br></div><div><div><i>Via: 1.1 ubuntuozgen (squid/3.5.19)</i></div></div><div><i><br></i></div><div>It is not fqdn but ubuntu concatanated with a Turkish name so it is highly unlikely that yahoo have such named reverse proxy. I could not decrypt the squid <--> flicker traffic yet this is from pcap output from another http site but i think it should be same right?</div><div><br></div><div>Thanks.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Jun 25, 2016 at 3:10 PM, Amos Jeffries <span dir="ltr"><<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 25/06/2016 6:14 p.m., Rafael Akchurin wrote:<br>
> Hello Amos,<br>
><br>
> The Via from mine is:<br>
><br>
> Via:"http/1.1 <a href="http://fts110.flickr.bf1.yahoo.com" rel="noreferrer" target="_blank">fts110.flickr.bf1.yahoo.com</a> (ApacheTrafficServer [cMs f ]), http/1.1 <a href="http://r02.ycpi.ams.yahoo.net" rel="noreferrer" target="_blank">r02.ycpi.ams.yahoo.net</a> (ApacheTrafficServer [cMsSf ]), 1.1 qlproxy (squid/3.3.8)"<br>
><br>
> Might it be the error when constructing via contents in squid? As it starts with 1.1 while other constructed by Yahoo all start with http/1.1 ?<br>
><br>
<br>
</span>I think thats the Via on the reply coming back, not the request going out.<br>
<br>
If that is actually your outgoing Via header *to* Yahoo. Then it says<br>
the message has already been through their service. Thus a loop.<br>
<br>
If Yahoo have any machine whose private hostname is "qlproxy" then your<br>
Via header will match that machine (or qlproxy.*.<a href="http://yahoo.com" rel="noreferrer" target="_blank">yahoo.com</a>) and again<br>
they will detect a loop.<br>
<br>
==> this will be true on whatever the outgoing Via really is from your<br>
"qlproxy" proxies.<br>
<br>
==> This is one of several reasons why I keep saying the<br>
visible_hostname is *required* to be a FQDN, not a local one-label name.<br>
And why Squid attempts to validate any auto-detected value in DNS before<br>
using them.<br>
<br>
<br>
What I'm expecting to see in Ozgur's header is either "localhost" or a<br>
simple one-label name like yours which might match something inside the<br>
private portion of the recipients CDN network.<br>
<div class="HOEnZb"><div class="h5"><br>
Amos<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">H Özgür Batur</div>
</div>