Le jeu 17/07/2003 à 08:24, Mikko Alutoin a écrit : > I have a question about transparent proxying. Suppose I have the following > rule in my kernel: > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT > --to-port 3128 > The purpose of the rule is that all web traffic is captured by a proxy > listening to a local port. Now the question: > How does the proxy get to know the original destination IP address and > port? By looking into the HTTP-request, perhaps? If so, what if the > application protocol (some other than HTTP) does not contain the > destination URL? Because clients now use HTTP/1.1, which requests contains destination host name : GET / HTTP/1.1 host: www.google.com This is the way name virtual hosts work, and so transparent proxying. -- Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx> IT systems and networks security - Cartel Sécurité Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
