On 10/25/22 2:43 AM, Matus UHLAR - fantomas wrote:
if by "transparent" you mean "intercepting" proxy, that is incorrect
On 25.10.22 09:47, Grant Taylor wrote:
By "transparent" I mean using network techniques to force clients to
use a proxy that aren't themselves aware that they are using a proxy.
I prefer to explicitly state what one means by transparent because RFC2616
has defined transparent proxy differently:

    A "transparent proxy" is a proxy that does not modify the request or
    response beyond what is required for proxy authentication and
    identification.

term "interception proxy" better defines what happens here:

    Instead, an interception proxy filters or redirects outgoing TCP port 80
    packets (and occasionally other common port traffic).
CONNECT is HTTP command designed for use with explicit HTTP proxy.
Agreed.
But what does Squid do differently after recognizing the request from
the client; be it a GET, PUT, POST, or even a CONNECT; the former
being transparent with the latter being explicit. Squid will still
proxy the request as it understands it dependent on configuration,
ACLs, etc.
FYI, Intercepting proxy must use measures to avoid host header forgery:
https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery
https://www.kb.cert.org/vuls/id/435052
squid must find out the original destination IP used and check, while in
explicit mode it makes no sense.
These are the FTP protocol "hacks" I mentioned before.
The HTTP protocol was created with proxying in mind, FTP was not.
using specially crafted login name for connecting to another server
is one of those hacks.
Okay.
I (mis)took "hacks" to be things more severe like is typically done
with proxifiers used with SOCKS servers, e.g. altering / overloading
system library calls.
this is a bit different kind of hacks.
Generally the SOCKS library knows where/how to connect, socks wrappers (like
socksify, tsocks, proxychains) are used to make other software use socks
proxy even if it does not support it.
and of course socks is generic bidirectional tcp/udp proxy, which makes it
possible to implement it near over any kind of communication.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
LSD will make your ECS screen display 16.7 million colors
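
An added sketch (not part of the original thread and not Squid's own code) of the check described in the message above: on an intercepted connection, recover the original destination and accept the Host header only if it resolves to that address. The function names, the port comparison and the fake DNS table are assumptions of this example; `SO_ORIGINAL_DST` is the Linux netfilter socket option.

```python
import ipaddress
import socket
import struct

SO_ORIGINAL_DST = 80  # Linux netfilter getsockopt option (linux/netfilter_ipv4.h)

def parse_sockaddr_in(raw):
    """Decode a struct sockaddr_in: 2-byte family, port, IPv4 address."""
    port, packed = struct.unpack_from("!2xH4s", raw)
    return socket.inet_ntoa(packed), port

def original_dst(conn):
    """Pre-NAT IPv4 destination of a connection redirected to the proxy (Linux only)."""
    return parse_sockaddr_in(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))

def split_host(value, default_port=80):
    """Split a Host header value into (hostname, port), including [IPv6]:port."""
    value = value.strip()
    if value.startswith("["):
        host, _, rest = value[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else ""
    else:
        host, _, port = value.partition(":")
    return host.lower(), int(port) if port else default_port

def system_resolver(host):
    """Addresses the proxy's own DNS returns for the host."""
    return {ai[4][0] for ai in socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)}

def verify_host(host_header, orig_ip, orig_port, resolver=system_resolver):
    """True only if the Host header agrees with where the client's packets were going."""
    try:
        host, port = split_host(host_header)
        try:
            candidates = {ipaddress.ip_address(host)}  # Host is an IP literal
        except ValueError:
            candidates = {ipaddress.ip_address(a) for a in resolver(host)}
        return port == orig_port and ipaddress.ip_address(orig_ip) in candidates
    except (ValueError, OSError):  # malformed header or resolution failure
        return False

# Constructed sample data: a fake DNS table so the example runs offline.
FAKE_DNS = {"www.example.com": ["192.0.2.10", "192.0.2.11"]}

def fake_resolver(host):
    return FAKE_DNS.get(host, [])

if __name__ == "__main__":
    for header, dst in [("www.example.com", "192.0.2.10"),    # consistent
                        ("www.example.com", "203.0.113.5")]:  # Host does not match dst
        print(header, dst, verify_host(header, dst, 80, fake_resolver))
```

In explicit mode there is no separate original destination to compare against, because the client addresses the proxy itself and names the target in the request.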