On 4/04/2016 4:22 a.m., Brendan Kearney wrote: > with fedora 24 being released in a couple months, haproxy v1.6.x will be > available, and the ability to easily intercept HTTP traffic will be in > the version (see the set-uri directive). with v1.6 i will be able to > rewrite the URL, so that squid can process the request properly. That does not make sense. Intercepting and URL-rewriting are completely different actions. The Squid-3.5 and later versions are able to receive PROXY protocol headers from HAProxy. You may find that much better than fiddling around with URLs and available in your current HAProxy. > my > problem is that i run authenticated access on the proxy, and will need > to exempt the traffic from that restriction. > What restriction? > what mechanisms can i use to identify the fact that the client traffic > has been intercepted, so that i can create ACLs to match the traffic? i > don't want to use things like IPs or User-Agent strings, as they may > change or be unknown. Only the interceptor can do that traffic distinction. Once traffic gets multiplexed the information is lost. > > i was thinking about sending the intercepted traffic to a different > port, say 3129, and then using localport to identify the traffic. with > an ACL, i would exempt the traffic from auth, etc. are there better > options? how are other folks dealing with intercepted and explicit > traffic on the same box? That would be one fairly good way to distinguish the traffic types. So why is the URL fiddling happening? Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
