[squid-users] Intercepting proxy creates forwading loop

Yuri yvoinov at gmail.com
Fri Mar 16 23:08:32 UTC 2018 

http://www.squid-cache.org/mail-archive/squid-users/201105/0264.html

http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-5-1-intercept-Forwarding-loop-detected-for-td4669756.html

https://www.google.com/search?q=Squid+forwarding-loop

This can helps?


16.03.2018 23:57, Patrick Nick пишет:
> Hello list, 
>
> I have resolved first problem about cache_peer using Kerberos
> authentication. Now I want to make that setup
> transparent/intercepting. Keep in mind that my situation does NOT
> involve browsers or port 80 at any point, it's a pure
> machine-to-machine API communication.
>
> I have added the "intercept" keyword to my config, here is a part of
> my config that seems relevant:
>
> http_port 3128 intercept
> cache_peer my.company.webserver.net
> <http://my.company.webserver.net/> parent 8081 0 no-query
> login=NEGOTIATE:myPrincipal originserver
>
> And here is how I test it by using the rather new curl option
> "--connect-to" which allows to send the request to a different
> host:port than specified in the "Host:" http header:
>
> curl -b ~/cookies.txt -c ~/cookies.txt -H'Content-Type:
> application/json' "http://my.company.host.net:8081/status"
> --connect-to "my.company.host.net:8081
> <http://my.company.host.net:8081>:my.squid.host.net:3128
> <http://my.squid.host.net:3128>" -v
>
> The result is always "HTTP/1.1 403 Forbidden" and in the logs I see
> "WARNING: Forwarding loop detected for:".
>
> I don't understand how a loop can form. I've seen many tutorials
> talking about using iptables to redirect traffic to a different port,
> but I don't think that I need that, since the curl-option should take
> care of that.
> I assume that squid should receive the request and then send it on to
> what's specified in the "Host:" header. Is this wrong? What kind of
> loop is forming here and how do I break it?
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180317/52a896c3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180317/52a896c3/attachment.sig>

More information about the squid-users mailing list