On 09/11/10 00:11, Leonardo wrote:
Hi Amos,
On Sun, Nov 7, 2010 at 5:12 AM, Amos Jeffries<squid3@xxxxxxxxxxxxx> wrote:
http_port 3128 intercept
I have changed the config from "http_port 3128 transparent" to
"http_port 3128 intercept", but I see no change in the behaviour.
You will also need a separate port for the normal browser-configured and
management requests. 3.1 will reject these if sent to a NAT interception
port.
I don't get this. Could you please be so kind to explain, or to point
me to a page in the documentation?
Ah, sorry I was mixing up me modes and versions. The statement was wrong
about the rejections. It's just a LAN-wide exploitable security hole.
Also check the squid access.log. This will determine whether it is the ASA
side or the Internet side of Squid which then needs to be tcpdumped for port
80 to find out whats going on.
The file access.log is empty.
So the ASA side. Now you know were to look for the mysterious missing
packets.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.9
Beta testers wanted for 3.2.0.3
