Re: Help with transparent cache

From: Matt Ashfield <>
Date: Fri, 22 Oct 1999 14:09:42 -0300


THanks for the response. I obviously have some learning to do, but my basic
quesiton is to run squid as a transparent cache do I need a firewall?



-----Original Message-----
From: Dave J Woolley <>
To: '' <>
Date: Friday, October 22, 1999 11:55 AM
Subject: RE: Help with transparent cache

>> From: Matt Ashfield []
>> I'm new to squid, so I apologize if this is a newbie question. I'm trying
>> to
>> set up a transparent webcache using squid.
> This should be treated as an advanced TCP hackers question,
> not a newbie question - things will work much better from a
> technical point of view if you use the web server the way
> it was intended to be used.
>> - Users requests a web page from webserver
> Browser looks up the first matching valid IP address for the
> server and tries to send to that.
>> - router routes the request to the squid box
> Somehow communicating the existing destination IP address
> (I don't know the details of the CISCO method, but the Linux
> method is that the router and squid box must be the same and
> the intercepted IP address is treated as a transient alias
> of the squid box address.)
> Alternatively, the browser uses the HTTP/1.1 Host header to indicate
> the real target.
>> - squid does what squid is supposed to do and returns either a cached
>> version of the requested web page or goes to the webserver and returns
>> one
>> from there.
> Squid looks up the IP address that it is pretending to be for this
> request, to find the real host name, or uses the HOST header, and
> processes the resulting request as though it had been a proxy
> (with the destination host in the actual URL).
> If the reverse look up fails, it probably uses the IP address; if
> first IP address for the service is down, the request fails.
> The firewall recognizes that the forwarded request comes from the
> squid box and handles it normally rather than hacking it back to
> the squid box.
> Meanwhile, the client doesn't believe that there is a proxy, so will
> not do any of the processing it would normally do for for a proxy
> request.
Received on Fri Oct 22 1999 - 11:20:54 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:01 MST