Amos Jeffries wrote on 03/10/2015 01:50 PM:
> On 11/03/2015 1:29 a.m., Klavs Klavsen wrote:
>> Hi,
>>
>> I just set up a squid trying to get it to work in intercept mode..
>>
>> I seem to hit some squid internal loop where it goes haywire internally
>> somehow?
>
> You have explicitly configured Squid instructing it that traffic
> arriving on port 3129 has been intercepted.
>
> You then sent Squid a port-80 syntax message with TCP packet destination
> IP:port of 127.0.0.1:3129.

port 80 syntax?

> It is for this reason that all our interception tutorials state in bold
> that it's a very good idea to firewall the 3129 port such that no
> software, even localhost, may send traffic directly into it.

ahh.. I was hoping to have a loadbalancer in front of squid (haproxy) -
to have failover, if squid server should fail..

I'm trying to read and understand:
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#Concepts_of_Interception_Caching

when nat'ing - doesn't squid just get the rewritten packet (which would
have port 3129 in the tcp dest. port field?)

i.e. how can it discern a packet sent directly to port 3129 - with data
containing e.g.:

    GET / HTTP/1.1
    Host: www.bt.dk

from one just sent directly to that port?

I seem to be failing to understand wherein the difference lies :(
I can see that one can choose to use GRE encapsulation - but that is
stated to be optional..
--
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
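
Added example, not part of the thread and not Squid's own code: on Linux a redirected packet and a directly sent one both arrive with destination port 3129, and the pre-NAT destination is kept in the kernel's conntrack table, where a process reads it per connection with getsockopt(SO_ORIGINAL_DST). The example assumes IPv4 with iptables REDIRECT/DNAT; `classify`, `LISTENER` and the sample bytes are constructed for the illustration.

```python
import socket
import struct

SO_ORIGINAL_DST = 80  # <linux/netfilter_ipv4.h>; Python's socket module has no name for it

def parse_sockaddr_in(raw):
    """Decode the struct sockaddr_in (family, port, IPv4 address, padding) the kernel returns."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)   # host byte order
    (port,) = struct.unpack_from("!H", raw, 2)     # network byte order
    if family != socket.AF_INET:
        raise ValueError("not an IPv4 sockaddr")
    return socket.inet_ntoa(raw[4:8]), port

def original_dst(conn):
    """Pre-NAT destination of an accepted TCP connection, or None if conntrack has no entry."""
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    except OSError:
        return None
    return parse_sockaddr_in(raw)

def classify(orig, local):
    """Compare the pre-NAT destination with the address the listener accepted on."""
    if orig is None or orig == local:
        # Nothing was rewritten: the client addressed the intercept port itself.
        # Forwarding to 'orig' would connect the proxy back to its own port (the loop).
        return "direct"
    return "intercepted"

# Constructed sample: what the kernel would hand back for a client that was
# heading to 192.0.2.10:80 (documentation address) before REDIRECT to 3129.
SAMPLE = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 80)
          + socket.inet_aton("192.0.2.10") + bytes(8))
LISTENER = ("127.0.0.1", 3129)  # assumed local address of the intercept port

if __name__ == "__main__":
    print(classify(parse_sockaddr_in(SAMPLE), LISTENER))  # NAT'ed client
    print(classify(LISTENER, LISTENER))                   # sent straight to 3129
```

A load balancer such as haproxy opens its own TCP connection to the proxy, so the lookup on that connection yields the proxy's own address rather than the site the client wanted.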