Nicolas Fritsch wrote:
> 3. I use transparent proxying with ipnat (on FreeBSD 4.4). I set
> http_accel_uses_host to off to force squid to query the NAT each
> time, but it didn't work, because it had the wrong server port.
All transparently intercepting proxies MUST use the following
configuration
httpd_accel_host virtual
httpd_accel_uses_host_header on
httpd_accel_port 80
These directives control how Squid reconstructs the requested URL
from the request, not how Squid finds which server to forward the
request to.
Squid does not have the functionality to forward the request to the
same IP address as the request was originally intercepted for. It
always makes a new DNS lookup. The only exception is if the user
actually requested the site by IP address in the request.
The reason to this is twofold
* Security, preventing users from polluting the cache by connecting
to another IP address than one of the requested site..
* Simplicity, "transparent proxying" is done exacly in the same way
as normal proxying.
If Squid were to use the originally requested IP address then a
special proxy mode for transparent proxying needs to be implemented,
where the content is cached per IP+hostname and not only hostname,
and where the cache cannot participate in HTTP cache meshes (neither
HTTP, ICP or HTCP supports such requests)
Regards
Henrik Nordström
Squid Developer
Received on Sat Feb 16 2002 - 06:50:48 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:23 MST