Search squid archive

Re: intercepting traffic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 11/18/2015 10:42 PM, Amos Jeffries wrote:

On 19/11/2015 3:08 p.m., Brendan Kearney wrote:

I am trying to set up a transparent, intercepting squid instance, along
side my existing explicit instance, and would like some input around
what i have buggered up so far.

i am running HAProxy in front of two squid instances, with the XFF
header added by HAProxy.  My squid configs are all set to follow the XFF
for the real source and logging is setup around digesting XFF for the
source.

i took my config and added:
http_port 192.168.88.1:3129 intercept

This tells Squid you are intercepting the traffic between HAProxy and Squid.

You describe HAProxy as explicitly sending traffic to the Squid, so
there is no need for interception into Squid.


this tells me that i am getting to the squid instances via the load
balancer, but i am running into the "NAT must occur on the squid box"
rule, i think.

Yes. That rule and the intercept option that cause it does not apply
when the software sending traffic to Squid is explicitly configured.
Such as you describe HAProxy being.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
when i put in just the DNAT that sends the traffic to the proxy VIP and load balances the requests to the squid instances on port 3128 (not the intercept port), i issue a curl command: 

curl -vvv --noproxy squid-cache.org http://squid-cache.org/

and get an error page saying:

...
<p>The following error was encountered while trying to retrieve the URL: <a href="/">/</a></p> 

<blockquote id="error">
<p><b>Invalid URL</b></p>
</blockquote>

<p>Some aspect of the requested URL is incorrect.</p>

<p>Some possible problems are:</p>
<ul>
<li><p>Missing or incorrect access protocol (should be <q>http://</q> or similar)</p></li> 
<li><p>Missing hostname</p></li>
<li><p>Illegal double-escape in the URL-Path</p></li>
<li><p>Illegal character in hostname; underscores are not allowed.</p></li>
</ul>
is the DNAT stripping header info, such as the Host header, or am i still missing something? 

thanks,

brendan
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux