Search squid archive

Re: 3.3.8 disconnecting in intercept mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 20/07/2013 5:07 a.m., Guy Sass wrote:
When I have squid set to act as a normal proxy (http_port 3128) and set my browser to use squid as a proxy, things work just fine.

When I set squid transparent (http_port 3128 intercept) and then redirect normal outbound port 80 traffic to squid (with my browser unaware that it's being proxied), squid goes through the three way handshake process, gets my request, and dumps me:
<snip>
I tried gutting my acls to see if that might have an effect, but it did not. Am I encountering some kind of bug, or merely doing something colossally stupid? See config, below:

There are two things in the config which might be hiding this type of problem.


http_port 3128 intercept
#http_port 3128

You appear to have no separate forward-proxy and intercept-proxy ports. Squid generates content in things like error pages which need to be served up in forward-proxy or "accel" mode ports. If you serve them from intercept-ports you end up with forwarding loops that can kill the whole machine - that would appear as Squid "disconnecting". Since Squid does or the machine goes down there is nothing logged about such problems in access.log unless they are detected and halted by forwarding loop protection ...



coredump_dir /var/cache/squid

forwarded_for transparent
via off


"via" feature of HTTP is used by Squid to detect and terminate forwarding loops before they get anywhere near causing major issues. You are using "forwarded_for" in one of the new privacy settings, there is little gained by disabling via as well and everything to loose.

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux