<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><a class="moz-txt-link-freetext" href="http://www.squid-cache.org/mail-archive/squid-users/201105/0264.html">http://www.squid-cache.org/mail-archive/squid-users/201105/0264.html</a></p>
<p><a class="moz-txt-link-freetext" href="http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-5-1-intercept-Forwarding-loop-detected-for-td4669756.html">http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-5-1-intercept-Forwarding-loop-detected-for-td4669756.html</a></p>
<p><a class="moz-txt-link-freetext" href="https://www.google.com/search?q=Squid+forwarding-loop">https://www.google.com/search?q=Squid+forwarding-loop</a></p>
<p>This can helps?<br>
</p>
<br>
<div class="moz-cite-prefix">16.03.2018 23:57, Patrick Nick пишет:<br>
</div>
<blockquote type="cite"
cite="mid:CAH+7_B2odG91TaLPmqEdJgiZ1rDTxyM2_dELu6S8tpUdQEOtaA@mail.gmail.com">
<div dir="ltr">Hello list,
<div><br>
</div>
<div>I have resolved first problem about cache_peer using
Kerberos authentication. Now I want to make that setup
transparent/intercepting. Keep in mind that my situation does
NOT involve browsers or port 80 at any point, it's a pure
machine-to-machine API communication.</div>
<div><br>
</div>
<div>I have added the "intercept" keyword to my config, here is
a part of my config that seems relevant:</div>
<div><font face="monospace, monospace"><br>
</font></div>
<div>
<div><font face="monospace, monospace">http_port 3128
intercept</font></div>
<div><font face="monospace, monospace"><span
style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">cache_peer<span> </span></span><a
href="http://my.company.webserver.net/" target="_blank"
style="color:rgb(17,85,204);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"
moz-do-not-send="true">my.company.webserver.net</a><span
style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><span> </span>parent
8081 0 no-query login=NEGOTIATE:myPrincipal</span>
originserver</font></div>
</div>
<div><br>
</div>
<div>And here is how I test it by using the rather new curl
option "<font face="monospace, monospace">--connect-to</font>"
which allows to send the request to a different host:port than
specified in the "Host:" http header:</div>
<div><br>
</div>
<div><font face="monospace, monospace">curl -b ~/cookies.txt -c
~/cookies.txt -H'Content-Type: application/json' "<a
href="http://my.company.host.net:8081/status"
moz-do-not-send="true">http://my.company.host.net:8081/status</a>"
--connect-to "<a href="http://my.company.host.net:8081"
moz-do-not-send="true">my.company.host.net:8081</a>:<a
href="http://my.squid.host.net:3128"
moz-do-not-send="true">my.squid.host.net:3128</a>" -v</font><br>
</div>
<div><font face="monospace, monospace"><br>
</font></div>
<div><font face="arial, helvetica, sans-serif">The result is
always "</font><font face="monospace, monospace">HTTP/1.1
403 Forbidden</font><font face="arial, helvetica,
sans-serif">" and in the logs I see "</font><font
face="monospace, monospace">WARNING: Forwarding loop
detected for:</font><span
style="font-family:arial,helvetica,sans-serif">".</span></div>
<div><span style="font-family:arial,helvetica,sans-serif"><br>
</span></div>
<div><span style="font-family:arial,helvetica,sans-serif">I
don't understand how a loop can form. I've seen many
tutorials talking about using iptables to redirect traffic
to a different port, but I don't think that I need that,
since the curl-option should take care of that.</span></div>
<div><span style="font-family:arial,helvetica,sans-serif">I
assume that squid should receive the request and then send
it on to what's specified in the "</span><font
face="monospace, monospace">Host:</font><span
style="font-family:arial,helvetica,sans-serif">" header. Is
this wrong? What kind of loop is forming here and how do I
break it?</span></div>
<div><span style="font-family:arial,helvetica,sans-serif"><br>
</span></div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
"C++ seems like a language suitable for firing other people's legs."
*****************************
* C++20 : Bug to the future *
*****************************</pre>
</body>
</html>