Hello list,
I have resolved first problem about cache_peer using Kerberos authentication. Now I want to make that setup transparent/intercepting. Keep in mind that my situation does NOT involve browsers or port 80 at any point, it's a pure machine-to-machine API communication.
I have added the "intercept" keyword to my config, here is a part of my config that seems relevant:
http_port 3128 intercept
And here is how I test it by using the rather new curl option "--connect-to" which allows to send the request to a different host:port than specified in the "Host:" http header:
curl -b ~/cookies.txt -c ~/cookies.txt -H'Content-Type: application/json' "http://my.company.host.net:8081/status" --connect-to "my.company.host.net:8081:my.squid.host.net:3128" -v
The result is always "HTTP/1.1 403 Forbidden" and in the logs I see "WARNING: Forwarding loop detected for:".
I don't understand how a loop can form. I've seen many tutorials talking about using iptables to redirect traffic to a different port, but I don't think that I need that, since the curl-option should take care of that.
I assume that squid should receive the request and then send it on to what's specified in the "Host:" header. Is this wrong? What kind of loop is forming here and how do I break it?
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
