On 11/3/17, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 03/11/17 19:45, Jeffrey Merkey wrote: >> This error is extremely hard to reproduce, and I found it can be >> cleared by restarting squid, which seems to make it go away. It >> seems to take several hours of non-stop proxy use then once the error >> occurs the we browser reports "too many redirects" and certificate >> errors. >> >> Doing a restart on Centos 7 clears it: >> >> # systemctl restart squid >> >> The log shows some sort of "refresh unmodified state before it happens: >> >> 1509690588.252 167 127.0.0.1 TAG_NONE/200 0 CONNECT >> events.bouncex.net:443 - HIER_DIRECT/35.190.62.200 - >> 1509690588.272 210 127.0.0.1 TAG_NONE/200 0 CONNECT >> analytics.twitter.com:443 - HIER_DIRECT/199.59.149.200 - >> 1509690588.280 62 127.0.0.1 TCP_REFRESH_UNMODIFIED/200 38412 GET >> http://www.latimes.com/nation/la-na-vegas-shooting-sheriff-20171102-story.html >> - HIER_DIRECT/104.120.143.198 text/html <================== error >> is here > > This is a 200 status response. So whatever "redirection" is occuring is > not part of the HTTP for that transaction. > > The refresh means that something was cached beforehand but was stale so > the server had to be asked for permission to deliver it. UNMODIFIED > means the server responded by indicating it was okay to use. > >> 1509690588.356 220 127.0.0.1 TCP_MISS/200 960 GET >> https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/34.228.123.38 >> text/xml >> 1509690588.366 304 127.0.0.1 TAG_NONE/200 0 CONNECT >> geo.moatads.com:443 - HIER_DIRECT/52.21.172.68 - >> 1509690588.374 303 127.0.0.1 TAG_NONE/200 0 CONNECT >> rtr.innovid.com:443 - HIER_DIRECT/13.58.208.14 - >> 1509690588.377 33 127.0.0.1 TCP_MISS/200 498 GET >> https://tribpubdfp745347008913.s.moatpixel.com/pixel.gif? - HIER_ >> >> If there are particulars and I attempt to recreate this problem are >> there any specific logging parms or settings that would help you >> understand this particular error or shed some light on it that I could >> set on my end. > > The tool at redbot.org shows the HTTP protocol and all the content at > that refreshed URL is all relatively normal. Some Vary issues, but that > should not be leading to redirect loops. > > > Since the error is showing up in the browser and not easily visible in > the server traffic I think the best place to look would be to debug what > the browser is doing exactly. It probably has something to do with how > it handles those cert errors (ie TLS-Everywhere misfeatures always > trying to do broken https:// when http:// works fine). > > > Also, which Squid version are you using may matter. You didn't say which. > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > Hi Amos, Thanks for responding, the squid version is: Squid Cache: Version 3.5.27 Service Name: squid This binary uses OpenSSL 1.0.1e-fips 11 Feb 2013. For legal restrictions on distribution see https://www.openssl.org/source/license.html configure options: '--with-openssl' '--enable-ssl' '--enable-ssl-crtd' '--enable-http-violations' I also wanted to let you know that I upgraded my Chrome browser about a week ago and that's when the redirect errors started showing up. This makes me lean towards the possibility that it's a bug of some sort in the Chrome browser itself. What makes me suspect another bug in Squid is the fact that restarting the squid server clears the browser error. I will attempt to log the error better the next time I see it and perhaps that will help run it down. If the bug is in Chrome then its clearly not a problem with Squid, but the fact that reloading squid clears the bug gives me pause to review both. The specific Chrome version I am seeing this error with is: obtained from about:version Google Chrome 60.0.3112.101 (Official Build) (64-bit) Revision 1f3c0cf4b3083dfbe4da434af1726820cf384ce3-refs/branch-heads/3112@{#723} OS Linux JavaScript V8 6.0.286.54 Flash 27.0.0.183 /home/jmerkey/.config/google-chrome/PepperFlash/27.0.0.183/libpepflashplayer.so User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36 Command Line /usr/bin/google-chrome-stable --flag-switches-begin --flag-switches-end Executable Path /opt/google/chrome/google-chrome Profile Path /home/jmerkey/.config/google-chrome/Profile 1 Variations 241fff6c-4eda1c57 3095aa95-3f4a17df 7c1bc906-f55a7974 47e5d3db-3d47f4f4 d43bf3e5-bd7cd813 ba3f87da-45bda656 5ca89f9-3f4a17df f3499283-7711d854 9e201a2b-7e3ae057 5b3ed0a1-3f4a17df 68812885-4d2fac87 9bd94ed7-b1c9f6b0 b791c1b8-3f4a17df 9773d3bd-f23d1dea 2e109477-f3b42e62 99144bc3-3cc2175e 9e5c75f1-dadcfe94 f79cb77b-3d47f4f4 b7786474-d93a0620 27219e67-b2047178 23a898eb-e0e2610f 64224f74-5087fa4a 56302f8c-2f882e70 de03e059-e65e20f2 f56e0452-f23d1dea 1354da85-f34af386 494d8760-91c810ef 3ac60855-486e2a9c f296190c-a0af34c0 4442aae2-75cb33fc ed1d377-e1cc0f14 75f0f0a0-e1cc0f14 e2b18481-e1cc0f14 e7e71889-e1cc0f14 828a5926-9d7acf42 a88c475d-3d47f4f4 Jeff _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
