bypass and ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION

995 views
Skip to first unread message

Spike

unread,
Feb 26, 2017, 2:49:18 PM2/26/17
to e2guardian
Dear all,

I'm running latest E2G and from time to time I get this error:

ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION

when visiting some sites that are banned using the bypass. I get this on Chrome or Firefox on Ubuntu Xenial (everything latest) and also Windows 10 with again Chrome or Firefox latest. However I do not get the error on iOS with Safari.

I can reproduce this cleanly visiting flickr.com, which is currently banned. To be clear, the ban + bypass works fine most of the times, but for some reasons fail on some sites.

I found an old bug here, but it's closed:

Duplicate headers received when using temporary bypass

any thoughts?

thanks,

Spike

FredB

unread,
Feb 28, 2017, 1:27:07 PM2/28/17
to e2gua...@googlegroups.com

Hi

Do you have bannedregexwithblanketblock on ?

And it works without bypass ?

Do you have a wireshark capture with header response ?

--
You received this message because you are subscribed to the Google Groups "e2guardian" group.
To unsubscribe from this group and stop receiving emails from it, send an email to e2guardian+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Spike

unread,
Feb 28, 2017, 11:23:33 PM2/28/17
to FredB, e2gua...@googlegroups.com
thanks for your reply Fred.

the question about capturing a dump triggered the response, see below

On Tue, Feb 28, 2017 at 10:27 AM FredB <num...@free.fr> wrote:

Do you have bannedregexwithblanketblock on ?

no, don't have this setting in my config at all 

And it works without bypass ?

not sure how this question works, the site is blocked, so without bypass it doesn't work. but maybe I'm misunderstanding you 

Do you have a wireshark capture with header response ?

I've just tried to grab one and the problem is actually pretty obvious, there are indeed multiple location headers. See below how basically the request with the bypass gets a 302 back to an http page and two locations, one to the new upgraded ssl site and the other to the plain url I tried to reach:

(wireshark follow stream)

GET /?GBYPASS=F8750859951F27BE35D831A7A2F30F1A1488341408 HTTP/1.1

Host: www.flickr.com

Connection: keep-alive

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Referer: http://www.flickr.com/

Accept-Encoding: gzip, deflate, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.0 302 Redirect

X-Frame-Options: SAMEORIGIN

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

X-Served-By: pprd1-node311-lh1.manhattan.gq1.yahoo.com

X-Instance: flickr.v1.production.manhattan.gq1.yahoo.com

Cache-Control: no-cache, max-age=0, must-revalidate, no-store

Pragma: no-cache

X-Request-Id: f414b1df

Location: https://www.flickr.com/ <----- THIS ONE

Vary: Accept

Content-Type: text/html; charset=utf-8

Content-Length: 0

Date: Wed, 01 Mar 2017 04:05:11 GMT

Age: 0

Server: ATS

X-Cache: MISS from srv-gw

X-Cache-Lookup: MISS from srv-gw:3128

Via: http/1.1 fts106.flickr.gq1.yahoo.com (ApacheTrafficServer [cMs f ]), https/1.1 e10.ycpi.laa.yahoo.com (ApacheTrafficServer [cMsSf ]), 1.1 srv-gw (squid/3.5.12)

Connection: keep-alive

Set-Cookie: GBYPASS=AB7F3E0177E20C1687D0E37CC5632A241488341408; path=/; domain=.flickr.com

Location: http://www.flickr.com <------- THIS OTHER ONE

 

so there's indeed two Location headers. I don't get why tho.

If I bypass the filter there's only one location header, so it doesn't seem it's a problem with flickr's servers:

GET / HTTP/1.1

Host: flickr.com

Connection: keep-alive

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Accept-Encoding: gzip, deflate, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Moved Temporarily

X-Frame-Options: SAMEORIGIN

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

X-Served-By: pprd1-node296-lh1.manhattan.bf1.yahoo.com

X-Instance: flickr.v1.production.manhattan.bf1.yahoo.com

Location: http://www.flickr.com/

Vary: Accept

Content-Type: text/html; charset=utf-8

Content-Length: 100

Date: Wed, 01 Mar 2017 04:19:43 GMT

Age: 0

Server: ATS

Connection: keep-alive

Via: http/1.1 fts113.flickr.bf1.yahoo.com (ApacheTrafficServer [cMsSf ])


<p>Moved Temporarily. Redirecting to <a href="http://www.flickr.com/">http://www.flickr.com/</a></p>



Does anything stand out to you where the problem is? what's adding that second location header?

thanks,

Spike

FredB

unread,
Mar 1, 2017, 2:42:27 AM3/1/17
to e2gua...@googlegroups.com
Ok, It seems there is a bug, please open a ticket I will investigate soon, I'm working on NTLM right now

Fred

Spike

unread,
Mar 1, 2017, 10:34:45 AM3/1/17
to FredB, e2gua...@googlegroups.com

On Tue, Feb 28, 2017 at 11:42 PM FredB <num...@free.fr> wrote:
Ok, It seems there is a bug, please open a ticket I will investigate soon, I'm working on NTLM right now

Fred

Reply all
Reply to author
Forward
0 new messages