Re: [squid-users] Forwarding loop detected for .. help from Henrik Nordstrom on 2008-10-09 (squid-users)

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Thu, 09 Oct 2008 10:56:06 +0200

On tor, 2008-10-09 at 10:09 +0200, Gregory Machin wrote:
> Hi
> what cause this

Most likely a broken dyndns client configured to use the proxy, combined
with the same port being used both for forward proxy and transparent
interception.

> 2008/10/05 05:27:47| WARNING: Forwarding loop detected for:
> GET /nic/update?&hostname=za1fwl01.dnsalias.com&myip=196.22.217.98&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG
> HTTP/1.0
> User-Agent: Fortinet_DDNSC/1.200310271130
> Host: 66.*.*.133:3128
> Via: 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
> cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
> (squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
> cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
> (squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0

> How do I prevent it ?

Use miss_access to deny forwarding requests to the proxy itself.

acl to_myself dst ip.of.proxy 127.0.0.1 [and any other ips the proxy
listens on]

miss_access deny to_myself

Regards
Henrik

application/pgp-signature attachment: This is a digitally signed message part

Received on Thu Oct 09 2008 - 08:56:12 MDT

This archive was generated by hypermail 2.2.0 : Thu Oct 09 2008 - 12:00:02 MDT