Re: squid+transparent proxy

From: Evren Yurtesen <yurtesen@dont-contact.us>
Date: Thu, 13 Aug 1998 01:48:23 +0300

hello,
sorry I am sending this again but I checked that list of things which I may
do...
now I have some questions...
* Deny Squid from fetching objects from itself (using ACL lists).
well, partially works, now I am not able to use cachemgr.cgi though
* Apply a small patch that prevents Squid from looping infinitely
(available from http://hem.passagen.se/hno/squid/)
ohm, I do not know how to apply patches yet...I feel like a little bit
stupid
now but I guess it is not my fault that I do not know something...
i may learn though, so if you tell me how I may apply the patch
I would appreciate it, also where I may find information about applying
patches?
* Don't run Squid on port 80, and redirect port 80 not destinated for
the local machine to Squid (redirection == ipfilter/ipfw/ipfadm). This
avoids the most common loops
well, this looks fine...I will try it soon...
* If you are using ipfilter then you should also use transproxyd in
front of Squid. Squid does not yet know how to interface to ipfilter
(pathes are welcome: squid-bugs@ircache.net).
I am using ipfilter but not transproxyd, also my proxy works just
fine, I could not understand why I need transproxyd ???

thanks for patience : )
Evren

Henrik Nordstrom wrote:

> Evren Yurtesen wrote:
> > now I have this problem, the machine is trying to connect to itself...
>
> I think almost everyone who have tried to build a transparent proxy
> setup have been bitten by this one.
>
> Measures you can take:
> * Deny Squid from fetching objects from itself (using ACL lists).
> * Apply a small patch that prevents Squid from looping infinitely
> (available from http://hem.passagen.se/hno/squid/)
> * Don't run Squid on port 80, and redirect port 80 not destinated for
> the local machine to Squid (redirection == ipfilter/ipfw/ipfadm). This
> avoids the most common loops.
> * If you are using ipfilter then you should also use transproxyd in
> front of Squid. Squid does not yet know how to interface to ipfilter
> (pathes are welcome: squid-bugs@ircache.net).
>
> ---
> Sparetime Squid Hacker
Received on Wed Aug 12 1998 - 15:49:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:41:30 MST