Re: [squid-users] Configure a transparent proxy to pass through non-http port 80 traffic [Was: How to handle the error: Unsupported method 'BitTorrent']

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 10 Jan 2010 02:10:40 +1300

Richard Wall wrote:
> On Wed, Dec 3, 2008 at 4:44 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> Khemara Lyn wrote:
>>> How can I handle this error in Cache log:
>>> parseHttpRequest: Unsupported method 'BitTorrent'
>>> Is it serious or does it affect Squid performance?
>> It's only a waste of TCP connections, if you have available fd and socket
>> capacity on the system you can safely ignore it.
>
> Sorry to re-open this ancient thread, but I'm interested in another
> aspect of this.
>
> I am working for a small ISP customer who have an obligation not to
> block *any* traffic.
> We have set up Squid in transparent mode and we are using a Brocade
> smart switch / router to redirect port 80 traffic to the Squid
> machine.
>
> It all works, but we notice an immediate and significant drop in
> outbound traffic which we are fairly sure is caused by Squid blocking
> non-http port 80 traffic.

I would not worry about that. P2P apps which use port 80 usually have
other methods of connecting. Particularly their own dedicated protocol
ports. Leave those open and they work better.

The apps which do not use port 80 for HTTP properly (i.e. doing correct
HTTP tunneling) are in violation of web usage standards. Your contracts
should not allow you to be penalized for providing a properly working
web proxy to your clients.

>
> Can anyone suggest a way to only pass http traffic to Squid - and let
> other non-http traffic pass through?
>
> Look forward to hearing your suggestions.
>
> -RichardW.

If you must look at it, then the workaround hack of identifying packet
data content has to be done in the iptables routing levels. This is a
tricky problem since there is no guarantee that the needed data is in
the first packet of a connection. Once packets enter Squid it's too late
to bypass.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
   Current Beta Squid 3.1.0.15
Received on Sat Jan 09 2010 - 13:10:58 MST
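
The reply above notes that the data needed to tell HTTP from non-HTTP may not be in the first packet of a connection. The following is an added example, not code from the thread or from Squid: a Python sketch of a payload classifier that returns a third verdict, "need-more", when the bytes seen so far cannot decide. The method allow-list, the `MAX_REQUEST_LINE` limit, the function names and the sample segments are assumptions constructed for illustration.

```python
# Added example: classify the first client bytes of a port-80 TCP stream.
# Constructed allow-list: the HTTP/1.1 request methods plus CONNECT.
HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"TRACE", b"CONNECT")
MAX_REQUEST_LINE = 8192  # assumed cap before giving up on finding CRLF
# BitTorrent peer handshake: length byte 19 followed by the protocol string.
BT_HANDSHAKE = b"\x13BitTorrent protocol"


def classify(buf: bytes) -> str:
    """Return 'http', 'not-http' or 'need-more' for the bytes seen so far."""
    for method in HTTP_METHODS:
        token = method + b" "
        if buf.startswith(token):
            eol = buf.find(b"\r\n")
            if eol == -1:
                # Method matched but the request line is still incomplete.
                return "need-more" if len(buf) < MAX_REQUEST_LINE else "not-http"
            parts = buf[:eol].split(b" ")
            ok = len(parts) == 3 and parts[2].startswith(b"HTTP/1.")
            return "http" if ok else "not-http"
        if token.startswith(buf):
            # buf is empty or only a prefix of a method token, e.g. b"GE".
            return "need-more"
    return "not-http"


def classify_stream(segments):
    """Feed TCP payload segments in order; return (verdict, segments_used)."""
    buf = b""
    for used, seg in enumerate(segments, 1):
        buf += seg
        verdict = classify(buf)
        if verdict != "need-more":
            return verdict, used
    return "need-more", len(segments)


if __name__ == "__main__":
    samples = {  # constructed sample streams
        "http, one segment": [b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"],
        "http, split": [b"GE", b"T / HT", b"TP/1.0\r\n\r\n"],
        "bittorrent": [BT_HANDSHAKE + bytes(8)],
    }
    for name, segs in samples.items():
        print(name, classify_stream(segs))
```

A filter that inspects only the first data packet would see `b"GE"` in the split sample and could not decide either way, and by the time any payload arrives the connection's SYN has already been routed.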
