On 03/11/17 19:45, Jeffrey Merkey wrote:
This error is extremely hard to reproduce, and I found it can be
cleared by restarting squid, which seems to make it go away. It
seems to take several hours of non-stop proxy use then once the error
occurs the we browser reports "too many redirects" and certificate
errors.
Doing a restart on Centos 7 clears it:
# systemctl restart squid
The log shows some sort of "refresh unmodified state before it happens:
1509690588.252 167 127.0.0.1 TAG_NONE/200 0 CONNECT
events.bouncex.net:443 - HIER_DIRECT/35.190.62.200 -
1509690588.272 210 127.0.0.1 TAG_NONE/200 0 CONNECT
analytics.twitter.com:443 - HIER_DIRECT/199.59.149.200 -
1509690588.280 62 127.0.0.1 TCP_REFRESH_UNMODIFIED/200 38412 GET
http://www.latimes.com/nation/la-na-vegas-shooting-sheriff-20171102-story.html
- HIER_DIRECT/104.120.143.198 text/html <================== error
is here
This is a 200 status response. So whatever "redirection" is occuring is
not part of the HTTP for that transaction.
The refresh means that something was cached beforehand but was stale so
the server had to be asked for permission to deliver it. UNMODIFIED
means the server responded by indicating it was okay to use.
1509690588.356 220 127.0.0.1 TCP_MISS/200 960 GET
https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/34.228.123.38
text/xml
1509690588.366 304 127.0.0.1 TAG_NONE/200 0 CONNECT
geo.moatads.com:443 - HIER_DIRECT/52.21.172.68 -
1509690588.374 303 127.0.0.1 TAG_NONE/200 0 CONNECT
rtr.innovid.com:443 - HIER_DIRECT/13.58.208.14 -
1509690588.377 33 127.0.0.1 TCP_MISS/200 498 GET
https://tribpubdfp745347008913.s.moatpixel.com/pixel.gif? - HIER_
If there are particulars and I attempt to recreate this problem are
there any specific logging parms or settings that would help you
understand this particular error or shed some light on it that I could
set on my end.
The tool at redbot.org shows the HTTP protocol and all the content at
that refreshed URL is all relatively normal. Some Vary issues, but that
should not be leading to redirect loops.
Since the error is showing up in the browser and not easily visible in
the server traffic I think the best place to look would be to debug what
the browser is doing exactly. It probably has something to do with how
it handles those cert errors (ie TLS-Everywhere misfeatures always
trying to do broken https:// when http:// works fine).
Also, which Squid version are you using may matter. You didn't say which.
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
