[squid-users] Squid 3.5.1 intercept / Forwarding loop detected for

naser sonbaty naser.sonbaty at gmail.com
Sat Feb 14 23:19:35 UTC 2015


Hi,

thx for support.

I found second running squid on same box. I shut-down the second squid.
But the problems are not gone......

Sorry I don't have access to the router pc :-( I can not get the rule ....

I have set up web browsers to use direct squid with 3129.
But the result its same.
I found another logs too:

2015/02/14 23:52:25.957 kid1| SECURITY ALERT: Host header forgery detected
on local=192.168.15.2:3129 remote=10.0.0.7:54648 FD 77 flags=33
(intercepted port does not match 443)
2015/02/14 23:52:25.957 kid1| SECURITY ALERT: By user agent: Mozilla/5.0
(Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko/20100101
Firefox/12.0
2015/02/14 23:52:25.957 kid1| SECURITY ALERT: on URL: www.youtube.com:443

OS ist Slackware on squid box.
All web browser on client PCs is set to use proxy server

Topology is:
Clients PC connected to switch -> switch to Router pc -> squid its on DMZ
Von Router pc

thx for support


On Thu, Feb 12, 2015 at 3:34 PM, Luis Miguel Silva <
luismiguelferreirasilva at gmail.com> wrote:

> I bumped into this same "forwarding loop" problem yesterday!
> In my case, it was because I had two transparent proxies in the same
> network and was basically redirecting traffic twice:
> [internet] <-> [appliance 1] <-> [appliance 2] <-> [client computer]
>
> I mistakenly added iptables redirect rules in both appliance 1 and
> appliance 2 and that caused Squid to spit out that "forwarding loop
> detected" error.
>
>
> On Thu, Feb 12, 2015 at 4:40 AM, Antony Stone <
> Antony.Stone at squid.open.source.it> wrote:
>
>> On Thursday 12 Feb 2015 at 11:26, naser sonbaty wrote:
>>
>> > Hi,
>> >
>> > Internet is connected to Router PC
>> >
>> > Only trafic to port 80 is send to squid.
>>
>> Yes, I know that, but traffic *from* where?
>>
>> Please answer the question below.  Even better, show us the redirect rule
>> you're using on the router to do it.
>>
>> > On Thu, Feb 12, 2015 at 11:58 AM, Antony Stone wrote:
>> > >
>> > > Have you configured the router to redirect port 80 traffic from the
>> > > Client PC to Squid 3129, or have you configured it to redirect *all*
>> port
>> > > 80 traffic (including from Squid) to Squid 3129?
>> > >
>> > > Looks like the Router is making Squid talk to itself.
>>
>>
>> Regards,
>>
>>
>> Antony.
>>
>> --
>> I love deadlines.   I love the whooshing noise they make as they go by.
>>
>>  - Douglas Noel Adams
>>
>>                                                    Please reply to the
>> list;
>>                                                          please *don't*
>> CC me.
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150215/b6707aec/attachment-0003.html>


More information about the squid-users mailing list