Re: [squid-users] squid non-accel default website

From: Amos Jeffries <>
Date: Wed, 12 May 2010 23:07:07 +0000

On Wed, 12 May 2010 23:02:08 +0200, Nils Hügelmann <>
> Hi Henrik,
> thanks for the answer, a fallback feature for direct requests would be
> great :-)
> regards
> nils
> Am 12.05.2010 22:38, schrieb Henrik Nordström:
>> tis 2010-05-11 klockan 17:04 +0200 skrev Nils Hügelmann:
>>> At the current state, it shows an "invalid URL" ... "while trying to
>>> retrieve the URL: /" error on direct access, which prevents using url
>>> rewriters(and deny_info too?!) so how to do this?...
>> You can't.
>> The reason is because Squid really need to know if an request is being
>> proxied or accelerated as it have impact on how the request should be
>> processed, and HTTP requires web servers (including accelerators) to
>> also know how to process requests using full URL.
>> Can't you move the proxy to a separate port, freeing up port 80 to be
>> used as a web server?
>> But yes, I guess we could add support for fallback mode when seeing an
>> obvious webserver request on a proxy port instead of bailing out with
>> invalid request.

 There are some security holes opened when defaulting to intercept or
accel mode on supposedly forward traffic.
Mandrivia has supplied captive-portal 'splash' pages for 3.2 that can be
sent instead of the current invalid response page. If anyone can spare the
time to implement a bit of polish let me know please, there are only two
small'ish alterations needed to make this happen for 3.2.

Received on Wed May 12 2010 - 23:07:11 MDT

This archive was generated by hypermail 2.2.0 : Thu May 13 2010 - 12:00:06 MDT