On 06/27/2014 09:00 AM, Lawrence Pingree wrote: > forwarded_for delete > via off > > I realize this breaks the RFC, More importantly, it breaks Squid's loop detection mechanism. In many environments, breaking that mechanism creates an easy-to-abuse Squid DoS attack vector. Modern Squids have a workaround that can partially restore the loop cutting code AFAICT: Consider adding request_header_add X-UseSomeUniqueNameHere useAnyValueHere all to your squid.conf so that looping HTTP request headers get larger and larger with every iteration until Squid refuses to process the looping request. To cut loops faster, you can also deny incoming requests that carry that unique-to-your-setup header. HTH, Alex.
