On 23/04/11 17:23, Andreas Braathen wrote:
Hi,
I've noticed that squid manipulates the headers/traffic from a source
towards a destination. The squid is acting like a mediator with my
config - how is it possible to forward the exact header retrieved
from a client without squid changing it?
There is no "Retrieved" from the client. It is *sent* by the client.
All headers are passed unchanged unless RFC 2616 explicitly states that
it SHOULD or MUST be changed. The change performed matches RFC requirements.
To make Squid do otherwise is an RFC violation and requires manual
configuration. "squid -k parse" should complain/warn about all
"violation" settings you have added.
To make an example: |source|<-----> |squid|<----->
|destination|
Source is sending a GET request to destination:
"http://domain.com:443/path";. Squid sees that the URL is not a HTTP
request, but a port 443 (i.e. HTTPS), and therefore sending a
SYN-packet to the destination to establish an SSL connection.
Yes. IANA has reserved port 443 for HTTPS protocol.
http://www.iana.org/assignments/port-numbers
What Squid does depends on the traffic "mode".
* Forward proxy mode should see the "http://"; and label it for HTTP
outgoing.
* The various other modes will never see the "http://"; part of the URL
and must assume the protocol flowing over port 443 is the protocol which
is supposed to be there.
I think this _only_ applies with HTTP -> HTTPS traffic and not HTTP
-> HTTP.
Andreas
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.7 and 3.1.12.1
