Search squid archive

Re: Identifying intercepted clients

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/04/2016 4:22 a.m., Brendan Kearney wrote:
> with fedora 24 being released in a couple months, haproxy v1.6.x will be
> available, and the ability to easily intercept HTTP traffic will be in
> the version (see the set-uri directive).  with v1.6 i will be able to
> rewrite the URL, so that squid can process the request properly.

That does not make sense. Intercepting and URL-rewriting are completely
different actions.

The Squid-3.5 and later versions are able to receive PROXY protocol
headers from HAProxy. You may find that much better than fiddling around
with URLs and available in your current HAProxy.


>  my
> problem is that i run authenticated access on the proxy, and will need
> to exempt the traffic from that restriction.
> 

What restriction?


> what mechanisms can i use to identify the fact that the client traffic
> has been intercepted, so that i can create ACLs to match the traffic?  i
> don't want to use things like IPs or User-Agent strings, as they may
> change or be unknown.

Only the interceptor can do that traffic distinction. Once traffic gets
multiplexed the information is lost.

> 
> i was thinking about sending the intercepted traffic to a different
> port, say 3129, and then using localport to identify the traffic. with
> an ACL, i would exempt the traffic from auth, etc.  are there better
> options?  how are other folks dealing with intercepted and explicit
> traffic on the same box?

That would be one fairly good way to distinguish the traffic types. So
why is the URL fiddling happening?

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux