Here is what I have in mine:

Stock config file with the following changes:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

acl PURGE method PURGE
acl localhost src 127.0.0.1
http_access allow PURGE localhost
http_access deny PURGE

acl CGI url_regex .cgi$
acl PHP url_regex .php$
acl ASP url_regex .asp$
acl ASPNET url_regex .aspx$
no_cache deny CGI
no_cache deny PHP
no_cache deny ASP
no_cache deny ASPNET

For IPTables I have added the following line:
eth0 being INET, eth1 being LAN

-A PREROUTING -o eth0 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

This way when I access my internal httpd server on the same box it won't try to proxy it.

There is also an ACL that must be disabled in the squid file
acl deny all (I think).

Hope that helps.

> -----Original Message-----
> From: Evan Fribourg [mailto:evan@xxxxxxxxxxxxxxxxxxx]
> Sent: Monday, July 31, 2006 11:05 AM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: RE: Redirect to squid with IPTABLES
>
> > You could try this:
> > If you did not set up the proxy in your browser (and I think
> > so), you should activate "transparent proxying" in your
> > squid.conf. In this case, you would redirect the traffic with
> > dport 80 to <squid-host>:80, not 3128. The difference is that
> > your browser does not know to use a proxy, but you are
> > redirecting this forward to a proxy. Thus the proxy should
> > work with transparent proxying, cause this is what you want
> > squid to do.
>
> Well, the server that I'm redirecting to already has apache on port 80, and
> I don't want to put squid in front of it at this point. I just need squid
> to retrieve internet requests, which is why I'm leaving it on 3128.
>
> In the squid.conf, I put:
> http_port 3128 transparent
>
> And I get:
> ERROR
> The requested URL could not be retrieved
>
> While trying to retrieve the URL: http://www.google.com
>
> The following error was encountered:
>
> * Unable to forward this request at this time.
>
> This request could not be forwarded to the origin server or to any parent
> caches. The most likely cause for this error is that:
>
> * The cache administrator does not allow this cache to make direct
> connections to origin servers, and
> * All configured parent caches are currently unreachable.
>
> Your cache administrator is webmaster.
>
> In the cache.log I see:
> 2006/07/31 10:57:07| Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 11.
> 2006/07/31 10:57:07| Ready to serve requests.
> 2006/07/31 10:57:53| WARNING: transparent proxying not supported
> 2006/07/31 10:57:53| Failed to select source for 'http://www.google.com'
> 2006/07/31 10:57:53| always_direct = 0
> 2006/07/31 10:57:53| never_direct = 0
> 2006/07/31 10:57:53| timedout = 0
>
> In access.log I see:
> 1154368853.534 12 <my_ip> TCP_MISS/503 1638 GET http://mail.google.com/ - NONE/- text/html
>
> I'm assuming I'm missing something in the conf...?
>
> Kind regards,
>
> Evan Fribourg
> Web Application Developer
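
Added example, not part of the thread and not Squid's own code: a small Python model of how Squid evaluates the two PURGE http_access lines in the reply above (the first line whose ACLs all match decides; ACL names on one line are ANDed). The client addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# ACL definitions copied from the squid.conf lines in the reply above.
ACLS = {
    "PURGE": ("method", "PURGE"),
    "localhost": ("src", "127.0.0.1"),
}

# http_access lines, in the order the reply gives them.
RULES = [
    ("allow", ["PURGE", "localhost"]),
    ("deny", ["PURGE"]),
]


def acl_matches(name, method, client_ip, acls=ACLS):
    """True if the named ACL matches this request's method or source address."""
    kind, value = acls[name]
    if kind == "method":
        return method == value
    if kind == "src":
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(value)
    raise ValueError(f"unsupported ACL type: {kind}")


def http_access(method, client_ip, rules=RULES):
    """Return 'allow' or 'deny' from the first rule whose ACLs all match."""
    for action, names in rules:
        if all(acl_matches(n, method, client_ip) for n in names):
            return action
    return None  # neither PURGE line matched; later http_access lines decide


# Constructed requests (method, client address); not taken from the thread.
SAMPLES = [
    ("PURGE", "127.0.0.1"),     # cache purge issued on the proxy host itself
    ("PURGE", "192.168.1.50"),  # cache purge attempted from a LAN client
    ("GET", "192.168.1.50"),    # ordinary browsing request
]

if __name__ == "__main__":
    for method, ip in SAMPLES:
        print(f"{method:5} from {ip:13} -> {http_access(method, ip)}")
    # Reversing the two lines shows why the order matters.
    swapped = list(reversed(RULES))
    print("deny line first, local PURGE ->",
          http_access("PURGE", "127.0.0.1", swapped))
```

With the lines in the posted order, only a PURGE from 127.0.0.1 is allowed; if the deny line came first, the local PURGE would be refused as well.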