[squid-users] linux transparent proxy problem

From: Matthew Krenzer <krenzer@dont-contact.us>
Date: Tue, 31 Aug 2004 17:48:20 -0500

I'm trying to set up a transparent proxy system on Linux and have run
into what I hope is a rather strange configuration problem.

. I have squid listening on port 3128.
. I have the firewall configured to intercept traffic over ports 80
  and 8015 and send them to squid.
. I have the following configured in squid:
   httpd_accel_host virtual
   httpd_accel_with_proxy on
   httpd_accel_uses_host_header on

Now the problems.
1. If I configure 'httpd_accel_port 80' as mentioned in the documentation
I can never send requests to port 8015. Everything gets hard set to
port 80.

2. If I configure 'httpd_accel_port 0' then if the request specifies a
Host header _with_ a port then the specified port gets used. If,
however, the Host header does _not_ have a port specified (as would be
the case for a port 80 request), squid sends the request over the port
squid itself is bound to (3128).

So it seems I can either send requests only to port 80, or only not to
port 80. It seems in case 2, the proper behavior should be that if a
port is not specified in the Host header that the default port for the
protocol being used should be selected instead of the port squid is
bound to.

I also have the net-filter support compiled in which should allow
transparent proxying even if the Host header is missing (http/1.0).
The strange thing here is that if I don't specify a Host header at
all, then squid properly gets the original destination from the kernel
and sends the request to the proper host and port. So everything works
fine for the rarest of occasions. (Of course, virtual hosting would
break in this case.)

Am I missing anything in the configuration? Is this expected behavior?
I really don't want to have to create a separate squid instance for
each port I'm intercepting, so I'm hoping I can get this to work
right. The disconnect between what happens if there is a Host header
and if there isn't seems to indicate a bug, but perhaps this is by
design.

Any thoughts would be much appreciated.

Thanks,
Matthew
Received on Tue Aug 31 2004 - 16:48:25 MDT
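
The port selection reported in the message, next to the fallback it argues for, as an added example that is not part of the original post and not Squid's code. The function names, the sample hosts and the `orig_dst` tuple (standing in for the original destination the kernel reports for an intercepted connection) are assumptions; the Host parser also handles bracketed IPv6 literals, which the post does not discuss.

```python
# Added illustration; a model of the behaviour described in the post,
# not Squid source code. All names here are hypothetical.
DEFAULT_PORTS = {"http": 80, "https": 443}

def split_host_header(value):
    """Return (host, port or None) from a Host header value."""
    value = value.strip()
    if value.startswith("["):                  # IPv6 literal, e.g. [::1]:8015
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        host, rest = value[1:end], value[end + 1:]
        if rest and not rest.startswith(":"):
            raise ValueError("junk after IPv6 literal")
        port_text = rest[1:]
    else:
        host, _, port_text = value.partition(":")
    if not host:
        raise ValueError("empty host")
    if not port_text:
        return host, None                      # no port given in the header
    if not (port_text.isascii() and port_text.isdigit()):
        raise ValueError("non-numeric port")
    port = int(port_text)
    if not 0 < port <= 65535:
        raise ValueError("port out of range")
    return host, port

def observed_port(host_header, orig_dst, accel_port, listen_port=3128):
    """Port selection as the post reports it."""
    if host_header is None:
        return orig_dst[1]        # no Host header: kernel's original destination
    if accel_port != 0:
        return accel_port         # httpd_accel_port 80: every request forced to 80
    _, port = split_host_header(host_header)
    # httpd_accel_port 0: a portless Host header falls back to the listening port
    return port if port is not None else listen_port

def proposed_port(host_header, orig_dst, scheme="http"):
    """Port selection the post argues for under httpd_accel_port 0."""
    if host_header is None:
        return orig_dst[1]
    _, port = split_host_header(host_header)
    # A portless Host header means the protocol's default port
    return port if port is not None else DEFAULT_PORTS[scheme]
```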