Search squid archive

Re: FW: Encrypted browser-Squid connection errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/25/22 2:43 AM, Matus UHLAR - fantomas wrote:
if by "transparent" you mean "intercepting" proxy, that is incorrect

By "transparent" I mean using network techniques to force clients to use a proxy that aren't themselves aware that they are using a proxy.

CONNECT is HTTP command designed for use with explicit HTTP proxy.

Agreed.

But what does Squid do differently after recognizing the request from the client; be it a GET, PUT, POST, or even a CONNECT; the former being transparent with the latter being explicit. Squid will still proxy the request as it understands it dependent on configuration, ACLs, etc.

I currently maintain that there is little difference, other than the VERB used, between transparent and explicit proxy configuration. Squid still largely does the same thing.

Or said another way, all Squid needed to do to be able to support both transparent and explicit was to understand the additional VERBs. Much of the rest of the code was unchanged.

To me there is not a fundamental difference, beyond initial VERBs, for transparent and explicit configuration. At least not anything like the differences between FTP, HTTP, and ICP. Each of which are fundamentally different protocols. Conversely transparent vs explicit is an extension of one protocol, namely HTTP.

ok, there's no explicit need. And since there's no explicit need to use port 80 for HTTP proxy, the convention is to use different port because of reasons stated before.

So port 3128 is based on convention. And that convention requires more explicit configuration in clients. Okay. So be it.

These are the FTP protocol "hacks" I mentioned before.
The HTTP protocol was created with proxying in mind, FTP was not.
using specially crafted login name for connecting to anoter server is one of those hacks.

Okay.

I (mis)took "hacks" to be things more severe like is typically done with proxifiers used with SOCKS servers, e.g. altering / overloading system library calls.



--
Grant. . . .
unix || die

<<attachment: smime.p7s>>

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux