Break all detected forwarding loops.

The old code tried to avoid breaking loops for non-intercepted/accelerated requests (nobody on squid-dev could explain why). Unfortunately, the "is this an intercepted request?" question cannot be reliably answered by examining http->flags. We would have to check the port settings because sometimes the port is intercepting, but we do not flip the corresponding flag in the request (I do not know why).

If breaking all loops does not cause problems in valid setups, then it is a better option than trying to figure out exactly what loops are safe to break.

This change will break setups that use non-unique proxy names in Via headers. On the other hand, such setups can be considered invalid anyway, and the issue should not be tied to whether this Squid uses interception or direct forwarding. In other words, they were just lucky to work before this change.

=== modified file 'src/client_side_reply.cc' --- src/client_side_reply.cc 2010-11-03 15:48:09 +0000 +++ src/client_side_reply.cc 2011-01-07 18:36:43 +0000 @@ -620,9 +620,8 @@ return; } - /// Deny loops for accelerator and interceptor. TODO: deny in all modes? - if (r->flags.loopdetect && - (http->flags.accel || http->flags.intercepted)) { + // Deny all detected loops because we cannot reliably identify benign ones. + if (r->flags.loopdetect) { http->al.http.code = HTTP_FORBIDDEN; err = clientBuildError(ERR_ACCESS_DENIED, HTTP_FORBIDDEN, NULL, http->getConn()->peer, http->request); createStoreEntry(r->method, request_flags());
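Review bot: The new `if (r->flags.loopdetect)` branch in src/client_side_reply.cc still answers with `ERR_ACCESS_DENIED` / `HTTP_FORBIDDEN`, so a request denied for looping is indistinguishable, for both the client and the admin, from an ordinary ACL denial. The commit message expects setups with non-unique proxy names in Via to start failing in forward-proxy mode, so those admins will now see unexplained 403s. Consider emitting a loop-specific log message inside this branch that names the offending Via value, and recording the behaviour change in the release notes so the failure can be traced to the proxy name rather than to access rules. The replacement comment could also state that the loop was detected from the Via header, since the removed comment was the only place documenting why the mode flags were checked.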