Re: Transparent Proxy and rewritten URL's

From: Henrik Nordström <hno@dont-contact.us>
Date: Tue, 09 Jun 1998 23:30:51 +0200

Simon Richards wrote:
>
> First my setup:
>
> Cisco 2509 running IOS 11.2
> PC running Linux 2.0.34
> Squid 1.NOVM.20 running on port 8080, httpd_accel is virtual 8080
> ipfwadm 2.3.0
...
> investigation I discovered that an address eg http://203.55.198.1 was
> getting :8080 appended to it. So of course when squid tried contacting the

First of all

httpd_accel virtual 80

Then you SHOULD patch (or upgrade to .21) your Squid to handle
httpd_accel virtual AND httpd_accel_uses_host_header on at the same
time. Without support for Host: headers you break Host: based virtual
servers, and without support for "virtual" you break old clients not
sending Host: headers..

The simple patch is available from http://hem.passagen.se/hno/squid/
(it's marked as old as it is part of 1.1.21)

Recommended squid.conf setup for transparent proxies is

# Accelerate all requests based on their destination IP
httpd_accel virtual 80
# Use Host: headers if available (else the IP is used)
httpd_accel_uses_host_header on
# Allow clients to configure us as a proxy
httpd_accel_with_proxy on

and don't run Squid on port 80 if the transproxy TCP support (ipfilter)
allows you to use a different port. It's to easy to bite yourself if you
do.

---
Henrik Nordström
Sparetime Squid Hacker
Received on Tue Jun 09 1998 - 17:38:52 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:40:40 MST