On 16.09.19 05:45, sknz wrote:
[Updated] I'm trying to configure Squid 3.5.3 for access controller/captive portal last few days. #1 For this config, on client device: *URL could not be retrieved - Invalid Url* http_port 3128 #2 Squid log throws an Error - No forward port http_port 3128 intercept #3 On client device: *URL could not be retrieved - Invalid Url* http_port 3128 http_port 3127 intercept #4 On client device: Unable to forward this request http_port 3128 accel #5 Now this works! http_port 3128 accel allow-direct Under same settings in other things, I've changed Squid config # 1 to 5, can you guess what's happening here? What's so special about "allow-direct" here? Why transparent proxy is not working? Why forward proxy is working only with "allow-direct"?
first, configure proxy with port3128 without "accel", "intercept", "tproxy", and "ssl-bump". port 3128 should not use first three, and using the fourth can make things more compicated. then, cofigure your browser to use proxy at port 3128. This must work. "accel" and further "allow-direct" should be used on reverse proxies, not when you use proxy for connecting clients to the world. They need proper configuration on squid. They must not be used on forward proxy ports. "intercept" and further "tproxy" should be used on different port, both need special configuration on the router/firewall. Note that clients with explicit proxy should not connect to intercept port, and clients without explicit proxy should not connect to the standard 3128 port without intercept and tproxy. when using intercept, you should allow connections from proxy to the world and not redirect them back to the proxy. As I have already said, if you use solutions like coovachilli, they should provide instructions on how to configure intercepting proxy. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 99 percent of lawyers give the rest a bad name. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users