[squid-users] I am seeing the following in my cache.log
Amos Jeffries
squid3 at treenet.co.nz
Wed Mar 25 02:18:43 UTC 2015
On 25/03/2015 2:05 p.m., Monah Baki wrote:
> Thanks Amos,
>
> My problem is I only have control over the squid server. I can only
> tell the ISP to take the client offline and run some AntiVirus or
> better reimage the device.
The security problem is that your proxy is receiving over port 80
(*unencrypted* origin server) a request the client apparently sent on
port 443 (encrypted origin server).
This may be caused by the client browser running a script which is
hjacking it. Or somebody between your proxy and the client MITM'ing the
connection and sending decrypted content out over the network in the
clear. Neither is a desirable situation.
>
> Within 2 hours my cache.log grew to 50MB in size and it was repeating
> the error mentioned over and over again till my squid server started
> complaining about running out of file descriptors, and stopped
> working.
Your proxy is configured such that it adds the Via header properly for
loop detection.
However, if there is another proxy stripping away that header and a loop
happens it would directly lead to both the FD exhaustion and the
extremely large amount of log entries (once per loop).
Amos
More information about the squid-users
mailing list