[squid-users] Intercepting proxy creates forwarding loop

Patrick Nick peedee.nick at gmail.com
Fri Mar 16 17:57:21 UTC 2018


Hello list,

I have resolved the first problem about cache_peer using Kerberos
authentication. Now I want to make that setup transparent/intercepting.
Keep in mind that my situation does NOT involve browsers or port 80 at any
point, it's a pure machine-to-machine API communication.

I have added the "intercept" keyword to my config, here is a part of my
config that seems relevant:

http_port 3128 intercept
cache_peer my.company.webserver.net parent 8081 0 no-query login=NEGOTIATE:myPrincipal originserver

And here is how I test it, using the rather new curl option "--connect-to",
which allows sending the request to a different host:port than specified in
the "Host:" HTTP header:

curl -b ~/cookies.txt -c ~/cookies.txt -H'Content-Type: application/json' \
  "http://my.company.host.net:8081/status" \
  --connect-to "my.company.host.net:8081:my.squid.host.net:3128" -v

The result is always "HTTP/1.1 403 Forbidden" and in the logs I see "WARNING:
Forwarding loop detected for:".

I don't understand how a loop can form. I've seen many tutorials talking
about using iptables to redirect traffic to a different port, but I don't
think that I need that, since the curl-option should take care of that.
I assume that squid should receive the request and then send it on to
what's specified in the "Host:" header. Is this wrong? What kind of loop is
forming here and how do I break it?