Re: [squid-users] linux transparent proxy problem

From: Matthew Krenzer <krenzer@dont-contact.us>
Date: Wed, 1 Sep 2004 10:00:03 -0500

If I do configuration a, that will require squid to be bound to both
port 80 and 8015, right? Or is there a way to bind to say 50080 and
58015 and have each of those default to 80 and 8015 respectivly?

Matthew

On Wed, Sep 01, 2004 at 01:38:50AM +0200, Henrik Nordstrom wrote:
> On Tue, 31 Aug 2004, Matthew Krenzer wrote:
>
> >1. If I configure 'httpd_accel_port 80' as mentioned in the documentation
> >I can never send request to port 8015. Everything gets hard set to
> >port 80.
>
> Correct.
>
> >2. If I configure 'httpd_accel_port 0' then if the request specifies a
> >Host header _with_ a port then the specified port gets used. If,
> >however, the Host header does _not_ have a port specified (as would be
> >the case for a port 80 request), squid send the request over the port
> >squid itself is bound to (3128).
>
> Here you have two choices:
>
> a) Have one http_port per port you redirect, and redirect to these
> accordingly.
>
> b) Run Squid on the firewall with support for your NAT/Redirect method, in
> which case it should be able to pick up the port number of the connection
> before NAT..
>
> >I also have the net-filter support compiled in which should allow
> >transparent proxing even if the Host header is missing (http/1.0).
> >The strange thing here is that if I don't specify a Host header at
> >all, then squid properly gets the original destination from the kernel
> >and sends the request to the proper host and port. So everything works
> >fine for the rarest of occasions. (of course virtual hosting would
> >break in this case).
>
> Ok, so then there may be gremlins in the implementation of
> "httpd_accel_port 0" in combination with interception and
> "httpd_accel_user_host_header on".
>
> Try alternative 'a' above. Should solve the problem.
>
> Also file a bug report for this issue. Alternative 'b' is supposed to
> work but admittedly is not a frequent configuration. I know I have never
> tried to do this so I don't know if it works or not.
>
> Regards
> Henrik
Received on Wed Sep 01 2004 - 09:00:05 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:01 MDT