Re: Fwd: Re: [squid-users] google picking up squid as

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Fri, 27 Jun 2014 09:33:04 -0600

On 06/27/2014 09:00 AM, Lawrence Pingree wrote:

> forwarded_for delete
> via off
>
> I realize this breaks the RFC,

More importantly, it breaks Squid's loop detection mechanism. In many
environments, breaking that mechanism creates an easy-to-abuse Squid DoS
attack vector.

Modern Squids have a workaround that can partially restore the loop
cutting code AFAICT: Consider adding

  request_header_add X-UseSomeUniqueNameHere useAnyValueHere all

to your squid.conf so that looping HTTP request headers get larger and
larger with every iteration until Squid refuses to process the looping
request. To cut loops faster, you can also deny incoming requests that
carry that unique-to-your-setup header.

HTH,

Alex.
Received on Fri Jun 27 2014 - 15:33:21 MDT
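
Added example, not part of the original message: a squid.conf fragment combining the two steps the reply describes (tag outgoing requests, then deny incoming requests that already carry the tag). The header name X-Example-Loop-Guard, its value and the ACL name loop_guard are constructed placeholders; pick a name unique to your own setup.

```conf
# Added example, not from the original message or the Squid project.
# X-Example-Loop-Guard, the value "1" and the ACL name loop_guard are
# placeholders chosen for illustration.

# Settings quoted in the thread. Per the reply, these break Squid's
# loop detection mechanism.
forwarded_for delete
via off

# Step 1: add the marker header to every request this Squid forwards.
# If a request loops back, each pass adds another copy, so the request
# headers grow until Squid refuses to process the request.
request_header_add X-Example-Loop-Guard 1 all

# Step 2: cut the loop on the first pass instead of waiting for the
# headers to grow. Match any incoming request that already carries the
# marker (the regex "." matches any non-empty value) and deny it.
acl loop_guard req_header X-Example-Loop-Guard .
http_access deny loop_guard

# Place the deny above any http_access allow rule that could match the
# same request; http_access rules are evaluated in order and the first
# match wins.
# ... existing http_access rules follow ...
```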
