On Mon, Aug 4, 2008 at 2:00 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> Jordi Prats wrote:
>>
>> On Mon, Aug 4, 2008 at 1:33 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx>
>> wrote:
>>>
>>> Jordi Prats wrote:
>>>>
>>>> Hi all,
>>>> I've a transparent proxy using iptables+squid. It's possible to
>>>> instruct squid to proxy only if the URL does not contain a given
>>>> string?
>>>>
>>>> For example, if you try to access to
>>>> http://lol.example.com/ALLOWEDSTRING/page.html through squid, it
>>>> should allow direct access.
>>>>
>>>> Anyone have a setup like this?
>>>
>>> Once the request has reached Squid it's impossible to stop it reaching
>>> Squid.
>>
>> So, how can it be configured as invisible as possible? I'm trying to
>> set up a honeyspot using squid to analyze HTTP data.
>>
>
> Okay.
> Two questions to help me out with my suggestions:
>
> Exactly what type of helper software are you using to do the analysis?
> (by helper style I mean: ICAP scanner, redirector capture, log analysis,
> etc.)

I've set up a gateway to NAT all allowed traffic, except traffic that
goes to port 80, which I redirect to squid (from iptables):

   86  4128 REDIRECT   tcp  --  eth3   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128

By now, I'm using a squid log analysis tool to extract a navigation
history. (It's enough for me)

> ... and why do you need to exclude certain requests?
> (known good sources, from the helper software itself, etc?)

I need to exclude requests to any URL that contains a string like
"proxytest" to hide my proxy because recently I've seen this URL in
squid's accesslog:

http://blablabla/proxytest/blablabla

If it's not possible to skip this type of requests, could you please
give me any hints in order to set up a squid as transparent as
possible?

regards,

>>
>>> What you need is a WPAD/PAC setup for clients' browsers.
>>>
>>> Though there is really no good reason why you can't just proxy straight
>>> through for all HTTP requests. The limit usually comes down to broken web
>>> server apps.
>>>
>>> Amos
>
>
>
> Amos
> --
> Please use Squid 2.7.STABLE3 or 3.0.STABLE8
>

--
Jordi
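
Added example, not part of the original thread and not code from Squid or any log tool mentioned in it: a sketch of the log analysis described above, building a per-client navigation history from Squid's native access.log format and flagging requests whose URL contains the "proxytest" marker. The sample lines, client addresses and the `analyze`/`parse_line` names are constructed for illustration; the case-insensitive match is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1217851200.101    212 10.0.0.5 TCP_MISS/200 5120 GET http://lol.example.com/index.html - DIRECT/192.0.2.10 text/html
1217851203.442     95 10.0.0.5 TCP_MISS/404 310 GET http://blablabla/proxytest/blablabla - DIRECT/192.0.2.20 text/html
1217851210.007    130 10.0.0.7 TCP_HIT/200 2048 GET http://lol.example.com/logo.png - NONE/- image/png
this line is truncated
1217851215.900     88 10.0.0.5 TCP_MISS/200 900 GET http://lol.example.com/PROXYTEST/page.html - DIRECT/192.0.2.10 text/html
"""

PROBE_MARKERS = ("proxytest",)  # substring from the post; extend as needed


def parse_line(line):
    """Return a dict for one native-format line, or None if malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    try:
        ts = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
    except ValueError:
        return None
    action, _, status = f[3].partition("/")
    return {"time": ts, "client": f[2], "action": action,
            "status": status, "method": f[5], "url": f[6]}


def analyze(log_text, markers=PROBE_MARKERS):
    """Build per-client navigation history and collect probe-looking requests."""
    history, probes, skipped = defaultdict(list), [], 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count malformed lines instead of failing the run
            continue
        history[rec["client"]].append(rec["url"])
        if any(m in rec["url"].lower() for m in markers):
            probes.append((rec["client"], rec["url"]))
    return dict(history), probes, skipped


if __name__ == "__main__":
    history, probes, skipped = analyze(SAMPLE_LOG)
    for client, urls in history.items():
        print(client, len(urls), "requests")
    for client, url in probes:
        print("probe-like request:", client, url)
    print("skipped malformed lines:", skipped)
```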