2008/12/19 Bin Liu <binliu.lqbn@xxxxxxxxx>: >> I'm interested to know if you have managed to get this working >> reliably for your ISP environment? > Not yet. We are still doing some test in our own environment. Bin, Thanks for your reply. We're working on a Squid configuration for ISP customers and it would be really interesting to hear about any potential problems with this configuration. >> How far have you gone to make Squid truly transparent eg >> * suppressing the Squid headers, error messages etc. >> * Is there any way to configure Squid / Cisco to give SYN_ACK, >> "connection refused" and ICMP "host unreachable" responses rather than >> Squid error messages? >> * Can you force Squid to make its request from the same source port >> as the client. > > You mean totally transparent and the clients don't even know the > existence of squid by any means? It seems a little bit difficult... Yeah, I agree. It's going to be impossible to totally hide Squid, but we're going to do as much as we can. >> * If someone uses port 80 for a protocol other than http, can Squid >> reject the redirected traffic in such a way that it is passed through >> directly instead? > > WCCPv2 can support this feature by Packet Return Method. (See > http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/wccp.html, > search "Web Cache Packet Return". Also mentioned in your url: > http://bazaar.launchpad.net/~squid3/squid/3.1/annotate/9363?file_id=draftwilsonwccpv212o-20070417152110-s6qkuxj8uabe-1) > But Henrik said squid hadn't implemented this feature yet. (See > http://www.squid-cache.org/mail-archive/squid-users/200811/0130.html) Thanks for the links. -RichardW. -- Richard Wall Support Engineer ApplianSys Ltd http://www.appliansys.com (t) +44 (0)24 7643 0094 (f) +44 (0)87 0762 7063 (e) richard.wall@xxxxxxxxxxxxxx
