Re: [squid-users] squid cannot get some pages

From: Alexey Talikov <alexey_talikov@dont-contact.us>
Date: Thu, 18 Apr 2002 18:14:25 +0500

18.04.2002 18:03:36, "rustam" <arif_rustam@yahoo.com> wrote:

>
>
> From: "rustam" <arif_rustam@yahoo.com>
>
> To: <squid-users@squid-cache.org>
> Date: Thu, 18 Apr 2002 20:03:36 +0700
> Subject:[squid-users] squid cannot get some pages
>
>
>
> hi all,
>
> i am installing new squid cache for transparent proxy using freebsd and
> wccp. i've done all steps necessary including patching kernel, GRE, etc.
>
>
> it works well, but squid cannot obtain some web sites. it is annoying me
> since i have no idea why this could happen.
>
> on my examination, all pages that squid cannot get is redirected pages. does
> anybody ever seen this problems ?
>
>
>
> regards,
>
> Arif Rustam

from squid user guide

Squid can be configured to act transparently. In this mode, clients will not configure their
browsers to access the cache, but Squid will transparently pick up the appropriate packets and
cache requests. This solves the biggest problem with caching: getting users to use the cache
server. Users hardly ever know how to configure their browsers to use a cache, which means that
support staff have to spend time with every user getting them to change their settings. Some users
are worried about their privacy, or they think (that since it's a host between them and the
Internet) that the cache is slower (certainly not the case, as a few tests with the client program
will show).

However: transparent caching isn't really transparent. The cache setup is transparent, but using
the cache isn't. Users will notice a difference in error messages, and even the progress bars that
browsers show can act differently.

The Problem with Transparency

When Squid transparently caches a site, the source IP address of the connection changes: the
request comes from the cache server rather than the client machine. This can play havoc with web
sites that use IP-address authentication (such sites only allow requests from a small set of IP
addresses, rather than authenticating requests with a name and password.)

Since the cache changes the source IP address of the connection, some servers may deny legitimate
users access. In many cases, this will cost users money (they may pay for the service, or use the
information on that site to make money.)

If you know your network inside out, and know exactly who would be accessing a site like this,
there is probably no problem with using transparent caching. If this is the case, though, it might
be easier to simply change all of your users' settings.
Received on Thu Apr 18 2002 - 07:18:08 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:36 MST