origin-cookie-redirect might go into a loop with Mozilla Firefox and Google Chrome for certain Third Level Domains because these browsers reject cookies set by the ProxySG.
The list of affected TLDs can be found at http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat?raw=1 (currently redirects to https://publicsuffix.org/list/effective_tld_names.dat)
For example :
No. Time Source Destination SrcPort DstPort Protocol Info
3 0.025 10.10.10.103 10.10.10.10 1605 8080 HTTP GET http://www.wa.gov.au/ HTTP/1.1
6 0.028 10.10.10.10 10.10.10.103 8080 1605 HTTP HTTP/1.1 302 Found (text/html)
14 0.089 10.10.10.103 10.10.10.10 1606 8080 HTTP GET http://sg200/?cfru=aHR0cDovL3d3dy53YS5nb3YuYXUv HTTP/1.1
15 0.090 10.10.10.10 10.10.10.103 8080 1606 HTTP HTTP/1.1 401 Unauthorized (text/html)
23 2.693 10.10.10.103 10.10.10.10 1607 8080 HTTP GET http://sg200/?cfru=aHR0cDovL3d3dy53YS5nb3YuYXUv HTTP/1.1
24 2.696 10.10.10.10 10.10.10.103 8080 1607 HTTP HTTP/1.1 302 Found (text/html)
34 2.757 10.10.10.103 10.10.10.10 1608 8080 HTTP GET http://www.wa.gov.au/?bcsi-ac-658A3E38FE4774A7=204B2C8B00000002+tUkM73uKrkJjG7S0q/jw+YSa5QCAAAAAgAAAIXGDQCEAwAAAAAAAAEAAAA= HTTP/1.1
36 2.759 10.10.10.10 10.10.10.103 8080 1608 HTTP HTTP/1.1 302 Found (text/html)
43 2.832 10.10.10.103 10.10.10.10 1609 8080 HTTP GET http://www.wa.gov.au/ HTTP/1.1
44 2.832 10.10.10.10 10.10.10.103 8080 1609 HTTP HTTP/1.1 302 Found (text/html)
Frame #34 :
GET http://www.wa.gov.au/?bcsi-ac-658A3E38FE4774A7=204B2C8B00000002+tUkM73uKrkJjG7S0q/jw+YSa5QCAAAAAgAAAIXGDQCEAwAAAAAAAAEAAAA= HTTP/1.1
Host: www.wa.gov.au
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.7,zh-hk;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Frame #36 :
HTTP/1.1 302 Found
Location: http://www.wa.gov.au/
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NON ADM OUR STP COM"
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Set-Cookie: BCSI-AC-658A3E38FE4774A7=204B2C8B00000002+tUkM73uKrkJjG7S0q/jw+YSa5QCAAAAAgAAAIXGDQCEAwAAAAAAAAEAAAA=; Path=/; Domain=.wa.gov.au <<<<<
Connection: close
Content-Length: 634
Frame #43 (no BCSI-AC-* cookie) :
GET http://www.wa.gov.au/ HTTP/1.1
Host: www.wa.gov.au
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.7,zh-hk;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
This has been addressed by B#198772 in SG 6.5.4.1.
SG 6.4.x and earlier SGOS versions are still affected by this.
Workaround
1. Use Internet Explorer to access the list of affected domains.
2. Use origin-ip-redirect for the list of affected domains.