Quantcast

X-Forwarded-For breaks a site

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

X-Forwarded-For breaks a site

Andrea Venturoli
Hello.

I've been invited to visit a web site and I couldn't see it.
Bypassing squid would solve the problem, so I made some some researches
and saw that adding "forwarded_for transparent" to my config would do.

I'm wondering what the reason might be...

tcpdump showed that:
1) initial connection to http:/www.xxxxxxx.com yields a 302 redirect to
http:/www.xxxxxxx.com/md;
2) so a second request goes out to http:/www.xxxxxxx.com/md and yields a
301, again redirecting to http:/www.xxxxxxx.com/md/ (notice the last slash);
3) finally a request goes out for http:/www.xxxxxxx.com/md/ and here's
where a difference arises between a direct connection and one through
Squid (without "forwarded_for transparent").

The answer to a direct connection (or to Squid with "forwarded_for
transparent") is:

> HTTP/1.1 303 See other
> Date: Mon, 30 Jan 2017 09:56:18 GMT
> Server: Apache
> X-Powered-By: PHP/5.3.29
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
> Pragma: no-cache
> Set-Cookie: PHPSESSID=wwwwwwwwwww; path=/
> Set-Cookie: yyyyyyyyyyyyyy=zzzzzzzzzzzzz; path=/; HttpOnly
> Location: http://www.xxxxxxx.com/md/it/
> Content-Length: 0
> Connection: close
> Content-Type: text/html; charset=utf-8

The answer to Squid without "forwarded_for transparent") is:

> HTTP/1.1 200 OK
> Date: Mon, 30 Jan 2017 09:33:51 GMT
> Server: Apache
> X-Powered-By: PHP/5.3.29
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
> Pragma: no-cache
> Set-Cookie: PHPSESSID=vvvvvvvvvvvvvvvvvvvvvv; path=/
> Content-Length: 0
> Keep-Alive: timeout=15, max=98
> Connection: Keep-Alive
> Content-Type: text/html


The site is a commercial one and, altough it features a reserved area, I
don't see any point in loosing visibility to corporate users.
Also the webserver belongs to a famous ISP which should also hosts
thousands of other sites, so I guess it should have nothing fancy.



Anyone can shed some light on this behaviour?
Is this Squid's fault (I don't think so, but I'll just ask)?
Is this a known bug in some version of Apache or PHP or whatever?
Is it dangerous to keep "forwarded_for transparent" in my config?



  bye & Thanks
        av.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: X-Forwarded-For breaks a site

Matus UHLAR - fantomas
On 30.01.17 12:09, Andrea Venturoli wrote:

>The answer to a direct connection (or to Squid with "forwarded_for
>transparent") is:
>>HTTP/1.1 303 See other
>>Date: Mon, 30 Jan 2017 09:56:18 GMT
>>Server: Apache
>>X-Powered-By: PHP/5.3.29
>>Expires: Thu, 19 Nov 1981 08:52:00 GMT
>>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
>>Pragma: no-cache
>>Set-Cookie: PHPSESSID=wwwwwwwwwww; path=/
>>Set-Cookie: yyyyyyyyyyyyyy=zzzzzzzzzzzzz; path=/; HttpOnly
>>Location: http://www.xxxxxxx.com/md/it/
>>Content-Length: 0
>>Connection: close
>>Content-Type: text/html; charset=utf-8
>
>The answer to Squid without "forwarded_for transparent") is:
>>HTTP/1.1 200 OK
>>Date: Mon, 30 Jan 2017 09:33:51 GMT
>>Server: Apache
>>X-Powered-By: PHP/5.3.29
>>Expires: Thu, 19 Nov 1981 08:52:00 GMT
>>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
>>Pragma: no-cache
>>Set-Cookie: PHPSESSID=vvvvvvvvvvvvvvvvvvvvvv; path=/
>>Content-Length: 0
>>Keep-Alive: timeout=15, max=98
>>Connection: Keep-Alive
>>Content-Type: text/html
>
>
>The site is a commercial one and, altough it features a reserved
>area, I don't see any point in loosing visibility to corporate users.
>Also the webserver belongs to a famous ISP which should also hosts
>thousands of other sites, so I guess it should have nothing fancy.

>Anyone can shed some light on this behaviour?

it's quite common that some pages break on x-forwarded-for header.
It's mostly fault of those pages, not clients or webserver.

>Is this Squid's fault (I don't think so, but I'll just ask)?

no

>Is this a known bug in some version of Apache or PHP or whatever?

no

>Is it dangerous to keep "forwarded_for transparent" in my config?

might be, if you let private internal data to pass out.

you should study what does the directive do and decide what to do with XFF
header. See:
http://www.squid-cache.org/Doc/config/forwarded_for/

if there's possibility of contacting the page owner with a complaint, do that.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Loading...