On 12/09/19 8:43 pm, sknz wrote: > I'm running a hotspot(CoovaChilli, Freeradius, etc.) server where > Squid-3.4.8(SSL enabled) for caching and logging. My machine is running on > Debian 8.1.1 with 2 NIC card. One for WAN and another for LAN to manage > hotspot AP(s). > > ERROR > The requested URL could not be retrieved > > Below configuration is throwing this above error page : > http_port 3128 > http_port 3127 intercept > > Instead, I have to use this : > http_port 3128 accel vhost allow-direct > (Congratulations you now have CVE-2009-0801) > Now it works! Squid is not throwing any error log for both cases. Why > INTERCEPT is not working? Because "The requested URL could not be retrieved". intercept means take the origin server details from the NAT system. Squid will act as transparently as possible, sending the traffic on to the same server IP address the client was trying to deliver that request to. accel means Squid is providing CDN services for the domain being fetched. It has full authority as the origin server and any source of data is accepted as valid response to the client. Without any further information I guess that Squid is not able to connect to the dst-IP the client is trying to connect to. But when DNS is consulted in Squid's role as CDN, one of the domains other IP addresses works. ... or maybe the client was actually not going to the server its TCP claims and you just let malware loose. (All those firewall settings mean nothing without details about which IPs Squid is using and which NIC is which.) Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
