[squid-users] Google Chrome reports "Too many redirects" on ssl-dumped connections with LA Times News Website

Amos Jeffries squid3 at treenet.co.nz
Fri Nov 3 07:38:26 UTC 2017


On 03/11/17 19:45, Jeffrey Merkey wrote:
> This error is extremely hard to reproduce, and I found it can be
> cleared by restarting squid, which seems to make it go away.   It
> seems to take several hours of non-stop proxy use then once the error
> occurs the web browser reports "too many redirects" and certificate
> errors.
> 
> Doing a restart on Centos 7 clears it:
> 
> # systemctl restart squid
> 
> The log shows some sort of "refresh unmodified" state before it happens:
> 
> 1509690588.252    167 127.0.0.1 TAG_NONE/200 0 CONNECT
> events.bouncex.net:443 - HIER_DIRECT/35.190.62.200 -
> 1509690588.272    210 127.0.0.1 TAG_NONE/200 0 CONNECT
> analytics.twitter.com:443 - HIER_DIRECT/199.59.149.200 -
> 1509690588.280     62 127.0.0.1 TCP_REFRESH_UNMODIFIED/200 38412 GET
> http://www.latimes.com/nation/la-na-vegas-shooting-sheriff-20171102-story.html
> - HIER_DIRECT/104.120.143.198 text/html      <================== error
> is here

This is a 200 status response. So whatever "redirection" is occurring is 
not part of the HTTP for that transaction.

The refresh means that something was cached beforehand but was stale so 
the server had to be asked for permission to deliver it. UNMODIFIED 
means the server responded by indicating it was okay to use.

> 1509690588.356    220 127.0.0.1 TCP_MISS/200 960 GET
> https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/34.228.123.38
> text/xml
> 1509690588.366    304 127.0.0.1 TAG_NONE/200 0 CONNECT
> geo.moatads.com:443 - HIER_DIRECT/52.21.172.68 -
> 1509690588.374    303 127.0.0.1 TAG_NONE/200 0 CONNECT
> rtr.innovid.com:443 - HIER_DIRECT/13.58.208.14 -
> 1509690588.377     33 127.0.0.1 TCP_MISS/200 498 GET
> https://tribpubdfp745347008913.s.moatpixel.com/pixel.gif? - HIER_
> 
> If there are particulars and I attempt to recreate this problem are
> there any specific logging parms or settings that would help you
> understand this particular error or shed some light on it that I could
> set on my end?

The tool at redbot.org shows the HTTP protocol and all the content at 
that refreshed URL is all relatively normal. Some Vary issues, but that 
should not be leading to redirect loops.


Since the error is showing up in the browser and not easily visible in 
the server traffic I think the best place to look would be to debug what 
the browser is doing exactly. It probably has something to do with how 
it handles those cert errors (i.e. TLS-Everywhere misfeatures always 
trying to do broken https:// when http:// works fine).


Also, which Squid version you are using may matter. You didn't say which.

Amos
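
Added example, not part of the original message and not Squid's own code: a small parser for the native access.log format quoted above that counts 3xx responses per URL, to check whether a "too many redirects" report is visible at the HTTP level at all. The `example.test` lines, the `loop_threshold` parameter and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Squid native access.log fields:
# time elapsed client code/status bytes method URL user hierarchy/peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<type>\S+)\s*$"
)
REDIRECT_STATUSES = {"301", "302", "303", "307", "308"}

# The first entry is the flagged line from the message (re-joined onto one
# line). The example.test entries are constructed to show a real HTTP loop.
SAMPLE = [
    "1509690588.280     62 127.0.0.1 TCP_REFRESH_UNMODIFIED/200 38412 GET "
    "http://www.latimes.com/nation/la-na-vegas-shooting-sheriff-20171102-story.html "
    "- HIER_DIRECT/104.120.143.198 text/html",
    "1509690600.100     40 127.0.0.1 TCP_MISS/301 310 GET http://example.test/a - HIER_DIRECT/192.0.2.10 -",
    "1509690600.150     38 127.0.0.1 TCP_MISS/301 310 GET http://example.test/a - HIER_DIRECT/192.0.2.10 -",
    "1509690600.200     41 127.0.0.1 TCP_MISS/301 310 GET http://example.test/a - HIER_DIRECT/192.0.2.10 -",
]


def parse(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LINE.match(line.strip())
    return m.groupdict() if m else None


def redirect_report(lines, loop_threshold=3):
    """Count 3xx responses per URL; return (counts, URLs at/above the threshold)."""
    redirects = Counter()
    for line in lines:
        rec = parse(line)
        # CONNECT entries describe tunnel setup, not an HTTP response to follow.
        if rec and rec["method"] != "CONNECT" and rec["status"] in REDIRECT_STATUSES:
            redirects[rec["url"]] += 1
    loops = sorted(u for u, n in redirects.items() if n >= loop_threshold)
    return redirects, loops


if __name__ == "__main__":
    counts, loops = redirect_report(SAMPLE)
    print("3xx per URL:", dict(counts))
    print("possible HTTP redirect loops:", loops)
```

Log lines wrapped by a mail client, as in the quoted excerpt, have to be re-joined before parsing; fragments that do not match are skipped.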

