> I am running squid 2.5 on OSX, transparently using a Cisco 806 running > IOS 12.3(15) > > The way I understand is that all port 80 traffic is intercepted by the > cisco, which issues an icmp redirect with my squid server's ip address That´s not at all what happens. The idea is that the interceptor fetches the url fooling the browser, so that it thinks it is directly connected to the remote website. Perhaps defeating transp. proxy setups maybe the overall good thing. Here´s my usual plea-agains-transp-proxying-list : - Intercepting HTTP breaks TCP/IP standards because user agents think they are talking directly to the origin server. - It causes path-MTU to fail. Possibly making the website not accessible. - As a result for instance on older IE versions ; "reload" did not work as expected. - You can't use proxy authentication - You can't use IDENT lookups - Intercepting proxies are incompatible with IP filtering designed to prevent address spoofing. - Clients are still expected to have full Internet DNS resolving capabilities , when in certain Intranet/Firewalling setups , this is not always wanted. - Related to above : because of transp. proxy setup : a browser connects to a site which is down.HOWEVER , due to the transparant proxying setup. It gets a connected state to the interceptor. The end user may get wrong error messages or a browser, seemingly doing nothing anymore. M.
