RE: A few patches

From: Steven Wilton <swilton@dont-contact.us>
Date: Tue, 13 Mar 2007 15:46:12 +0900

> -----Original Message-----
> From: Adrian Chadd [mailto:adrian@creative.net.au]
> Sent: Tuesday, 13 March 2007 3:14 PM
> To: Steven
> Cc: squid-dev@squid-cache.org
> Subject: Re: A few patches
>
> On Tue, Mar 13, 2007, Steven wrote:
>
>
> This bit is clever! Don't use a CONNECT to port 80 though; try to find out
> which port it was connecting to in the first place and append that. It won't
> always be port 80. (Imagine if someone wanted to feed more than just port 80
> through Squid transparently; the current code handles that.)

Good point. The only problem is that (under Linux at least) we can't find
out the original destination port (i.e. if traffic destined for port 80 is
redirected to port 3128). Would you suggest this as a configuration option
on a per-port basis? (i.e. squid can listen to multiple ports, and the port
that the connection arrives on is used to determine the destination port).

> Make this configurable though. You don't want to allow people to tunnel
> non-resolvable stuff through without the administrator explicitly deciding to.

You need to have an ACL that allows CONNECT requests destined for port 80,
otherwise you will get an ACL denied message :)

> Nah, just extend commConnectStart() and don't bother with the
> commConnectStart2() stuff. I admit I'm guilty of this kind of thing but it
> should only be temporary; never permanent.

If there are no objections to applying this change (in principle), I'll
re-work it to extend commConnectStart().

> Nice work though!

Thanks

Steven

Received on Tue Mar 13 2007 - 00:46:25 MDT
