3.3.8 disconnecting in intercept mode

When I have squid set to act as a normal proxy (http_port 3128) and set my browser to use squid as a proxy, things work just fine.

When I set squid transparent (http_port 3128 intercept) and then redirect normal outbound port 80 traffic to squid (with my browser unaware that it's being proxied), squid goes through the three-way handshake process, gets my request, and dumps me:

$ curl -v http://www.darkmaze.org
* Adding handle: conn: 0x801c63600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x801c63600) send_pipe: 1, recv_pipe: 0
* About to connect() to www.darkmaze.org port 80 (#0)
*   Trying 66.199.250.235...
* Connected to www.darkmaze.org (66.199.250.235) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.31.0
> Host: www.darkmaze.org
> Accept: */*
>
* Empty reply from server
* Connection #0 to host www.darkmaze.org left intact
curl: (52) Empty reply from server

I compiled squid myself with the following parameters:

Squid Cache: Version 3.3.8
configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-internal-dns' '--disable-strict-error-checking' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--disable-dependency-tracking' '--enable-arp-acl' '--enable-follow-x-forwarded-for' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-referer-log' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl' '--enable-storeio=aufs,diskd,ufs' '--enable-useragent-log' '--enable-wccpv2' '--enable-esi' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'LDFLAGS=-pie' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' '--enable-ecap' '--enable-http-violations' 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig' --enable-ltdl-convenience

I tried gutting my acls to see if that might have an effect, but it did not. Am I encountering some kind of bug, or merely doing something colossally stupid? See config, below:

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
http_access allow all

http_port 3128 intercept
#http_port 3128

coredump_dir /var/cache/squid

forwarded_for transparent
via off

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320




