Well , what I have done is : I configured squid http_port xx and http_port xxy intercept And uses iptables to redirect http & https to squid ports But it don’t work and I have logs : 1448121527.423 10.1.1.1 TCP_MISS/503 4183 GET http://cnn.com/ - ORIGINAL_DST/10.159.144.206 text/html 1448121554.217 10.1.1.1 TCP_MISS/503 4771 GET http://cnn.com/ - ORIGINAL_DST/10.159.144.206 text/html 1448121555.574 10.1.1.1 TCP_MISS/503 4685 GET http://cnn.com/favicon.ico - ORIGINAL_DST/10.159.144.206 text/html As u see the ds tip is wrong and its spoofed with 10.159.144.206 So how to let squid bypass checking it ? Is my way above wrong ? U say we need proxy mode ?? How should I implement proxy mode since user will not put ip:port in his browser Thanks a lot for helping cheers -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Antony Stone Sent: Tuesday, November 24, 2015 3:18 PM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: TCP-MISS 503 for wrong destination ip On Tuesday 24 November 2015 at 13:13:17, Ahmad Alzaeem wrote: > Guys I understand that > > The question is being asked , can squid fix this issue or not? Yes, provided you use it in configured-proxy mode, instead of intercept mode. Antony. > -----Original Message----- > From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] > On Behalf Of Antony Stone Sent: Tuesday, November 24, 2015 2:42 PM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: TCP-MISS 503 for wrong destination ip > > On Tuesday 24 November 2015 at 12:22:40, Ahmad Alzaeem wrote: > > Hi Devs , > > > > I have a server that send to squid http/https with wrong destination > > ips > > It has already been recommended that you fix your DNS so that it works > correctly / normally. > > > So assume I want to open google > > > > The request hit the squid with https/http packet with payload > > www.google.com <http://www.google.com> with ds tip 10.0.0.1 not > > the real ds tip of google like 74.125.x.x > > Is 10.0.0.1 the IP address of your Squid server? > > > The question is being asked here is . > > > > Is it possible to let squid to do another resolving again and chck > > the right dst ip (74.125.x.x) and reach it ? > > Yes - turn off intercept mode, and point the client specifically at > Squid as a configured proxy. The client will then not attempt a DNS > lookup for the destination server, but will simply send the entire > request to Squid for it to look up where to send the request. > > > Regards, > > > Antony. -- BASIC is to computer languages what Roman numerals are to arithmetic. Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
