Search squid archive

Re: Transparent / Standard mode comparative

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Le mercredi 12 octobre 2011 à 16:27 +0530, nipun_mlist Assam a écrit :
> > Just a question Nipu,
> >
> > what are real benefits to use "Tproxy" instead just set an iptables
> > rules and set squid as transparent mode ?
> >
> >
> Actually, I was referring squid with tproxy, where we configure squid
> something like as given below:
> http_port  85 tproxy
> http_port  86 ssl-bump cert=/extra/squid/etc/Centos6.0.pem tproxy
> 
> Yes, we need the iptables rules and squid has to listen transparently
> on some ports.
> But, here squid is supposed the spoof the client IP and the root web
> servers should not see the client (http client machine) IP. But that
> is not happening.
> Secondly, it doesn't work with HTTPs traffic.
> 
> transparent proxy should be able to transparently send and receive
> data without the client and servers being aware of a proxy in between.
> If the web server sees the squid IP in stead of the client IP, then I
> think, it is not fully transparent.
> 
> -Nipun
> 
> On Wed, Oct 12, 2011 at 2:15 PM, David Touzeau <david@xxxxxxxxxx> wrote:
> > Le mercredi 12 octobre 2011 à 09:46 +0530, nipun_mlist Assam a écrit :
> >> Squid in tproxy mode, doesn't work with HTTPS most probably. Secondly,
> >> it doesn't spoof the client IP. I have fixed the issues for my work.
> >> But wondering if the fix is already available somewhere.
> >> -Nipu
> >>
> >> On Tue, Oct 11, 2011 at 4:32 PM, David Touzeau <david@xxxxxxxxxx> wrote:
> >> > Le mardi 11 octobre 2011 à 11:50 +0200, Fred B a écrit :
> >> >> ----- "David Touzeau" <david@xxxxxxxxxx> a écrit :
> >> >>
> >> >> > Dear all
> >> >> >
> >> >> > I would like to know what are the limitations using squid in
> >> >> > transparent
> >> >> > mode between using squid in standard mode
> >> >> >
> >> >> > I know there are
> >> >> >
> >> >> > Transparent mode limitations :
> >> >> > No user authentication method.
> >> >> > No all HTTPS features.
> >> >> >
> >> >> > Is someone know what are others limitations ?
> >> >> >
> >> >> > Best regards.
> >> >>
> >> >> Hi David
> >> >>
> >> >> See http://wiki.squid-cache.org/SquidFaq/InterceptionProxy -> Concepts of Interception Caching
> >> >>
> >> >> Fred
> >> >
> >> >
> >> > Thanks Fred, this is what i would like to find !
> >> >
> >> >
> >
> >
> > Just a question Nipu,
> >
> > what are real benefits to use "Tproxy" instead just set an iptables
> > rules and set squid as transparent mode ?
> >
> >


But what are impacts between this

http_port  85 tproxy

against this

http_port  85 transparent







[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux