[squid-users] Re: Pbs with ipnat and range requests

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 16 Feb 2002 14:40:06 +0100

Nicolas Fritsch wrote:

> 3. I use transparent proxying with ipnat (on FreeBSD 4.4). I set
> http_accel_uses_host to off to force squid to query the NAT each
> time, but it didn't work, because it had the wrong server port.

All transparently intercepting proxies MUST use the following

   httpd_accel_host virtual
   httpd_accel_uses_host_header on
   httpd_accel_port 80

These directives control how Squid reconstructs the requested URL
from the request, not how Squid finds which server to forward the
request to.

Squid does not have the functionality to forward the request to the
same IP address as the request was originally intercepted for. It
always makes a new DNS lookup. The only exception is if the user
actually requested the site by IP address in the request.

The reason to this is twofold
  * Security, preventing users from polluting the cache by connecting
to another IP address than one of the requested site..
  * Simplicity, "transparent proxying" is done exacly in the same way
as normal proxying.

If Squid were to use the originally requested IP address then a
special proxy mode for transparent proxying needs to be implemented,
where the content is cached per IP+hostname and not only hostname,
and where the cache cannot participate in HTTP cache meshes (neither
HTTP, ICP or HTCP supports such requests)

Henrik Nordström
Squid Developer
Received on Sat Feb 16 2002 - 06:50:48 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:23 MST