On 03/11/17 19:45, Jeffrey Merkey wrote:
> This error is extremely hard to reproduce, and I found it can be cleared by restarting squid, which seems to make it go away. It seems to take several hours of non-stop proxy use, then once the error occurs the web browser reports "too many redirects" and certificate errors. Doing a restart on CentOS 7 clears it:
>
> # systemctl restart squid
>
> The log shows some sort of "refresh unmodified" state before it happens:
>
> 1509690588.252 167 127.0.0.1 TAG_NONE/200 0 CONNECT events.bouncex.net:443 - HIER_DIRECT/35.190.62.200 -
> 1509690588.272 210 127.0.0.1 TAG_NONE/200 0 CONNECT analytics.twitter.com:443 - HIER_DIRECT/199.59.149.200 -
> 1509690588.280 62 127.0.0.1 TCP_REFRESH_UNMODIFIED/200 38412 GET http://www.latimes.com/nation/la-na-vegas-shooting-sheriff-20171102-story.html - HIER_DIRECT/104.120.143.198 text/html <================== error is here

This is a 200 status response. So whatever "redirection" is occurring is not part of the HTTP for that transaction.
The refresh means that something was cached beforehand but was stale so the server had to be asked for permission to deliver it. UNMODIFIED means the server responded by indicating it was okay to use.

> 1509690588.356 220 127.0.0.1 TCP_MISS/200 960 GET https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/34.228.123.38 text/xml
> 1509690588.366 304 127.0.0.1 TAG_NONE/200 0 CONNECT geo.moatads.com:443 - HIER_DIRECT/52.21.172.68 -
> 1509690588.374 303 127.0.0.1 TAG_NONE/200 0 CONNECT rtr.innovid.com:443 - HIER_DIRECT/13.58.208.14 -
> 1509690588.377 33 127.0.0.1 TCP_MISS/200 498 GET https://tribpubdfp745347008913.s.moatpixel.com/pixel.gif? - HIER_
>
> If there are particulars and I attempt to recreate this problem, are there any specific logging parms or settings that would help you understand this particular error or shed some light on it that I could set on my end?

The tool at redbot.org shows the HTTP protocol and all the content at that refreshed URL is all relatively normal. Some Vary issues, but that should not be leading to redirect loops.
Since the error is showing up in the browser and not easily visible in the server traffic, I think the best place to look would be to debug what the browser is doing exactly. It probably has something to do with how it handles those cert errors (i.e. TLS-Everywhere misfeatures always trying to do broken https:// when http:// works fine).

Also, which Squid version you are using may matter. You didn't say which.

Amos
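
The reading of the log given in the reply can be checked mechanically. The following is an added example, not part of the original thread and not Squid's own tooling: it parses Squid's native access.log format, lists revalidated (TCP_REFRESH_*) entries, and looks for repeated 3xx responses to the same client and URL. The function names, the threshold and window defaults, and the constructed sample lines are assumptions.

```python
import re
from collections import defaultdict

# Squid native access.log: time elapsed client code/status bytes method URL ident hier/peer type
LINE = re.compile(
    r"(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[^/\s]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>[^/\s]+)/(?P<peer>\S+)\s+(?P<type>\S+)"
)

def parse(lines):
    """Return one dict per well-formed line; truncated lines are skipped."""
    out = []
    for m in filter(None, (LINE.match(l.strip()) for l in lines)):
        e = m.groupdict()
        e["ts"], e["status"] = float(e["ts"]), int(e["status"])
        out.append(e)
    return out

def revalidations(entries):
    """Entries Squid served after revalidating a stale cached object."""
    return [e for e in entries if e["code"].startswith("TCP_REFRESH")]

def redirect_loops(entries, threshold=3, window=10.0):
    """Map (client, url) -> peak count of 3xx responses within `window` seconds."""
    seen = defaultdict(list)
    for e in entries:
        if 300 <= e["status"] < 400 and e["status"] != 304:  # 304 is not a redirect
            seen[(e["client"], e["url"])].append(e["ts"])
    loops = {}
    for key, stamps in seen.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            loops[key] = best
    return loops

# Lines quoted in the post; the last one is cut off in the post and is skipped.
PAGE_LINES = [
    "1509690588.252 167 127.0.0.1 TAG_NONE/200 0 CONNECT events.bouncex.net:443 - HIER_DIRECT/35.190.62.200 -",
    "1509690588.280 62 127.0.0.1 TCP_REFRESH_UNMODIFIED/200 38412 GET http://www.latimes.com/nation/la-na-vegas-shooting-sheriff-20171102-story.html - HIER_DIRECT/104.120.143.198 text/html",
    "1509690588.377 33 127.0.0.1 TCP_MISS/200 498 GET https://tribpubdfp745347008913.s.moatpixel.com/pixel.gif? - HIER_",
]
# Constructed lines (not from the post): a redirect loop in the same format.
CONSTRUCTED_LINES = [f"15096906{t} 12 127.0.0.1 TCP_MISS/302 350 GET http://example.test/ - HIER_DIRECT/192.0.2.10 text/html"
                     for t in ("00.000", "00.400", "00.900")]
```

On the lines quoted in the post, `redirect_loops` returns nothing, which matches the point that the redirection is not visible in Squid's HTTP transactions; inside CONNECT tunnels Squid logs only the tunnel, so redirects there have to be observed in the browser.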