Your use of the term "attack" seems to imply that a malicious client can trigger circular request loops by using a cleverly forged request. But I cannot understand how it could happen, unless the proxy servers are misconfigured. Am I missing something?
The link above describes numerous proxies as not so much misconfigured as miscoded. That is, no configuration should cause a proxy to not apply a Via or to ignore its own Via. Presumably the attacker would be a malicious proxy customer rather than a malicious client. If the proxy customer is not considered as a monolith, then actually control of just one proxy's configuration is enough to turn a chain into a loop.
The threat is a DOS against a group of CDNs as a whole. Particular CDN customers are only vulnerable to the extent that they require an affected CDN's services. If the CF link isn't clear, click through to the paper they reference:
That's not the point here. It's an adversary getting two CDNs to loop eachother and launching an attack that way.
If CDN A proxies requests to CDN B and CDN B proxies requests to CDN A then those two will DoS eachother fairly quickly.
There is no attacker inbetween to strip the Via, that would be counterproductive to the attack.
Email has this too; the Received: header. If you manage to get a loop between two MTAs going they will detect it by seeing themselves in the Received: header list.
If other CDNs are removing your Via header, then other CDNs are the adversary, but now we're in Crazy Town because in that case they are DOSing themselves as much as they are DOSing you. The threat discussed here is from malicious CDN customers.
