We have a Squid 3.4 server configured as a Reverse Proxy on Oracle Linux 6. It is working correctly for most sites, those which are HTTP all the way through to the peer, Those which are HTTPS all the way through to the peer and those which have SSL offloaded at the external interface on Squid. We have however come across a problem when using a proprietary Content Management System. In this CMS, you set each page to show how it should be served i.e. HTTP or HTTPS. If traffic comes into the CMS with HTTP and it's set for HTTPS, the CMS tries to re-write/force the URL so that it comes back with https:// at the start. The problem is that, this appears to come through Squid as an indefinite loop and the page fails. When connecting a Browser directly to the CMS server, and using the same site and page settings, it works, but when going through squid, it doesn't. Now, I'm willing to believe that the CMS is affecting the HTTP traffic so that it is not strict and that Squid then fails as it it doesn't know how to handle it, but I thought I would post here and see if anyone could help. Our config is the following (with obfuscation); http_port 10.x.x.42:80 accel defaultsite=server_2.bl.co.uk https_port 10.x.x.42:443 accel cert=/usr/newrprgate/CertAuth/www/s.crt key=/usr/newrprgate/CertAuth/www/southtynesidehomes_key.pem cipher=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM options=NO_SSLv2,NO_SSLv3 defaultsite=server_2.bl.co.uk cache_peer 10.x.x.202 parent 80 0 no-query originserver name=server_2_http cache_peer 10.x.x.202 parent 443 0 no-query originserver login=PASS connection-auth=on ssl sslcert=/usr/newrprgate/CertAuth/www/peer_keys/www.pem sslversion=1 sslflags=DONT_VERIFY_PEER front-end-https name=server_2_https acl sites_server_2 dstdomain www.s.org.uk cache_peer_access server_2_http allow sites_server_2 cache_peer_access server_2_https allow sites_server_2 cache_peer_access server_2_http deny all cache_peer_access server_2_https deny all I have switched full logging on and the output is shown below; ---------- 2015/01/13 20:54:38.697 kid1| http.cc(2219) sendRequest: HTTP Server local=10.x.x.40:35186 remote=10.x.x.202:80 FD 34 flags=1 2015/01/13 20:54:38.697 kid1| http.cc(2220) sendRequest: HTTP Server REQUEST: --------- GET /article/9842/About-us HTTP/1.1 Host: www.s.org.uk Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Referer: http://www.s.org.uk/article/11445/Publications Accept-Encoding: gzip, deflate, sdch Accept-Language: en-GB,en-US;q=0.8,en;q=0.6 Cookie: ASP.NET_SessionId=krnzwqana4w3gz452ogmtki4; mode=0; clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b Via: 1.1 servername.bl.co.uk (squid) Surrogate-Capability: servername.bl.co.uk="Surrogate/1.0 ESI/1.0" X-Forwarded-For: 92.237.143.136 Cache-Control: max-age=259200 Connection: keep-alive ---------- 2015/01/13 20:54:38.732 kid1| ctx: enter level 0: 'https://www.s.org.uk/article/9842/About-us' 2015/01/13 20:54:38.732 kid1| http.cc(749) processReplyHeader: HTTP Server local=10.x.x.40:35186 remote=10.x.x.202:80 FD 34 flags=1 2015/01/13 20:54:38.732 kid1| http.cc(750) processReplyHeader: HTTP Server REPLY: --------- HTTP/1.1 302 Found Cache-Control: private Content-Length: 176 Content-Type: text/html; charset=utf-8 Location: https://www.s.org.uk/article/9842/About-us Server: Microsoft-IIS/7.5 Set-Cookie: clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b; expires=Thu, 15-Jan-2015 21:03:45 GMT; path=/; HttpOnly X-Powered-By: ASP.NET Date: Tue, 13 Jan 2015 21:03:44 GMT <html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="https://www.s.org.uk/article/9842/About-us";>here</a>.</h2> </body></html> ---------- 2015/01/13 20:54:38.732 kid1| ctx: exit level 0 2015/01/13 20:54:38.732 kid1| client_side.cc(1459) sendStartOfMessage: HTTP Client local=10.x.x.42:443 remote=92.237.143.136:54310 FD 30 flags=1 2015/01/13 20:54:38.732 kid1| client_side.cc(1460) sendStartOfMessage: HTTP Client REPLY: --------- HTTP/1.1 302 Found Cache-Control: private Content-Length: 176 Content-Type: text/html; charset=utf-8 Location: https://www.s.org.uk/article/9842/About-us Server: Microsoft-IIS/7.5 Set-Cookie: clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b; expires=Thu, 15-Jan-2015 21:03:45 GMT; path=/; HttpOnly X-Powered-By: ASP.NET Date: Tue, 13 Jan 2015 21:03:44 GMT X-Cache: MISS from servername.bl.co.uk X-Cache-Lookup: MISS from servername.bl.co.uk:80 Via: 1.1 servername.bl.co.uk (squid) Connection: keep-alive ---------- 2015/01/13 20:54:38.773 kid1| client_side.cc(2407) parseHttpRequest: HTTP Client local=10.x.x.42:443 remote=92.237.143.136:54307 FD 28 flags=1 2015/01/13 20:54:38.773 kid1| client_side.cc(2408) parseHttpRequest: HTTP Client REQUEST: --------- GET /article/9842/About-us HTTP/1.1 Host: www.s.org.uk Connection: keep-alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Referer: http://www.s.org.uk/article/11445/Publications Accept-Encoding: gzip, deflate, sdch Accept-Language: en-GB,en-US;q=0.8,en;q=0.6 Cookie: ASP.NET_SessionId=krnzwqana4w3gz452ogmtki4; mode=0; clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b ---------- 2015/01/13 20:54:38.774 kid1| http.cc(2219) sendRequest: HTTP Server local=10.x.x.40:35186 remote=10.x.x.202:80 FD 34 flags=1 2015/01/13 20:54:38.774 kid1| http.cc(2220) sendRequest: HTTP Server REQUEST: --------- GET /article/9842/About-us HTTP/1.1 Host: www.s.org.uk Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Referer: http://www.s.org.uk/article/11445/Publications Accept-Encoding: gzip, deflate, sdch Accept-Language: en-GB,en-US;q=0.8,en;q=0.6 Cookie: ASP.NET_SessionId=krnzwqana4w3gz452ogmtki4; mode=0; clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b Via: 1.1 servername.bl.co.uk (squid) Surrogate-Capability: servername.bl.co.uk="Surrogate/1.0 ESI/1.0" X-Forwarded-For: 92.237.143.136 Cache-Control: max-age=259200 Connection: keep-alive ---------- 2015/01/13 20:54:38.806 kid1| ctx: enter level 0: 'https://www.s.org.uk/article/9842/About-us' 2015/01/13 20:54:38.806 kid1| http.cc(749) processReplyHeader: HTTP Server local=10.x.x.40:35186 remote=10.x.x.202:80 FD 34 flags=1 2015/01/13 20:54:38.806 kid1| http.cc(750) processReplyHeader: HTTP Server REPLY: --------- HTTP/1.1 302 Found Cache-Control: private Content-Length: 176 Content-Type: text/html; charset=utf-8 Location: https://www.s.org.uk/article/9842/About-us Server: Microsoft-IIS/7.5 Set-Cookie: clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b; expires=Thu, 15-Jan-2015 21:03:45 GMT; path=/; HttpOnly X-Powered-By: ASP.NET Date: Tue, 13 Jan 2015 21:03:44 GMT <html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="https://www.s.org.uk/article/9842/About-us";>here</a>.</h2> </body></html> ---------- 2015/01/13 20:54:38.806 kid1| ctx: exit level 0 2015/01/13 20:54:38.806 kid1| client_side.cc(1459) sendStartOfMessage: HTTP Client local=10.x.x.42:443 remote=92.237.143.136:54307 FD 28 flags=1 2015/01/13 20:54:38.806 kid1| client_side.cc(1460) sendStartOfMessage: HTTP Client REPLY: --------- HTTP/1.1 302 Found Cache-Control: private Content-Length: 176 Content-Type: text/html; charset=utf-8 Location: https://www.s.org.uk/article/9842/About-us Server: Microsoft-IIS/7.5 Set-Cookie: clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b; expires=Thu, 15-Jan-2015 21:03:45 GMT; path=/; HttpOnly X-Powered-By: ASP.NET Date: Tue, 13 Jan 2015 21:03:44 GMT X-Cache: MISS from servername.bl.co.uk X-Cache-Lookup: MISS from servername.bl.co.uk:80 Via: 1.1 servername.bl.co.uk (squid) Connection: keep-alive ---------- 2015/01/13 20:54:38.850 kid1| client_side.cc(2407) parseHttpRequest: HTTP Client local=10.x.x.42:443 remote=92.237.143.136:54306 FD 32 flags=1 2015/01/13 20:54:38.850 kid1| client_side.cc(2408) parseHttpRequest: HTTP Client REQUEST: --------- GET /article/9842/About-us HTTP/1.1 Host: www.s.org.uk Connection: keep-alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Referer: http://www.s.org.uk/article/11445/Publications Accept-Encoding: gzip, deflate, sdch Accept-Language: en-GB,en-US;q=0.8,en;q=0.6 Cookie: ASP.NET_SessionId=krnzwqana4w3gz452ogmtki4; mode=0; clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b ---------- 2015/01/13 20:54:38.850 kid1| http.cc(2219) sendRequest: HTTP Server local=10.x.x.40:35186 remote=10.x.x.202:80 FD 34 flags=1 2015/01/13 20:54:38.850 kid1| http.cc(2220) sendRequest: HTTP Server REQUEST: --------- GET /article/9842/About-us HTTP/1.1 Host: www.s.org.uk Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Referer: http://www.s.org.uk/article/11445/Publications Accept-Encoding: gzip, deflate, sdch Accept-Language: en-GB,en-US;q=0.8,en;q=0.6 Cookie: ASP.NET_SessionId=krnzwqana4w3gz452ogmtki4; mode=0; clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b Via: 1.1 servername.bl.co.uk (squid) Surrogate-Capability: servername.bl.co.uk="Surrogate/1.0 ESI/1.0" X-Forwarded-For: 92.237.143.136 Cache-Control: max-age=259200 Connection: keep-alive ---------- 2015/01/13 20:54:38.881 kid1| ctx: enter level 0: 'https://www.s.org.uk/article/9842/About-us' 2015/01/13 20:54:38.881 kid1| http.cc(749) processReplyHeader: HTTP Server local=10.x.x.40:35186 remote=10.x.x.202:80 FD 34 flags=1 2015/01/13 20:54:38.881 kid1| http.cc(750) processReplyHeader: HTTP Server REPLY: --------- HTTP/1.1 302 Found Cache-Control: private Content-Length: 176 Content-Type: text/html; charset=utf-8 Location: https://www.s.org.uk/article/9842/About-us Server: Microsoft-IIS/7.5 Set-Cookie: clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b; expires=Thu, 15-Jan-2015 21:03:45 GMT; path=/; HttpOnly X-Powered-By: ASP.NET Date: Tue, 13 Jan 2015 21:03:44 GMT <html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="https://www.s.org.uk/article/9842/About-us";>here</a>.</h2> </body></html> ---------- 2015/01/13 20:54:38.881 kid1| ctx: exit level 0 2015/01/13 20:54:38.881 kid1| client_side.cc(1459) sendStartOfMessage: HTTP Client local=10.x.x.42:443 remote=92.237.143.136:54306 FD 32 flags=1 2015/01/13 20:54:38.881 kid1| client_side.cc(1460) sendStartOfMessage: HTTP Client REPLY: --------- HTTP/1.1 302 Found Cache-Control: private Content-Length: 176 Content-Type: text/html; charset=utf-8 Location: https://www.s.org.uk/article/9842/About-us Server: Microsoft-IIS/7.5 Set-Cookie: clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b; expires=Thu, 15-Jan-2015 21:03:45 GMT; path=/; HttpOnly X-Powered-By: ASP.NET Date: Tue, 13 Jan 2015 21:03:44 GMT X-Cache: MISS from servername.bl.co.uk X-Cache-Lookup: MISS from servername.bl.co.uk:80 Via: 1.1 servername.bl.co.uk (squid) Connection: keep-alive ---------- 2015/01/13 20:54:38.930 kid1| client_side.cc(2407) parseHttpRequest: HTTP Client local=10.x.x.42:443 remote=92.237.143.136:54308 FD 25 flags=1 2015/01/13 20:54:38.930 kid1| client_side.cc(2408) parseHttpRequest: HTTP Client REQUEST: --------- GET /article/9842/About-us HTTP/1.1 Host: www.s.org.uk Connection: keep-alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Referer: http://www.s.org.uk/article/11445/Publications Accept-Encoding: gzip, deflate, sdch Accept-Language: en-GB,en-US;q=0.8,en;q=0.6 Cookie: ASP.NET_SessionId=krnzwqana4w3gz452ogmtki4; mode=0; clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b I'd greatly appreciated it if someone could cast their eyes over the logs and see if anything pops out as to why this infinite loop is displayed by Squid. Thanks very much in advance. John _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
