Re: [squid-users] Unable to make Squid work as a transparent proxy (Squid 3.1.7, Linux Debian, WCCP2)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 09 Nov 2010 18:57:53 +1300

On 09/11/10 00:11, Leonardo wrote:
> Hi Amos,
>
> On Sun, Nov 7, 2010 at 5:12 AM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
>> http_port 3128 intercept
>
> I have changed the config from "http_port 3128 transparent" to
> "http_port 3128 intercept", but I see no change in the behaviour.
>
>> You will also need a separate port for the normal browser-configured and
>> management requests. 3.1 will reject these if sent to a NAT interception
>> port.
>
> I don't get this. Could you please be so kind as to explain, or point
> me to a page in the documentation?

Ah, sorry, I was mixing up my modes and versions. The statement was wrong
about the rejections. It's just a LAN-wide exploitable security hole.

>
>> Also check the squid access.log. This will determine whether it is the ASA
>> side or the Internet side of Squid which then needs to be tcpdumped for port
>> 80 to find out what's going on.
>
> The file access.log is empty.

So the ASA side. Now you know where to look for the mysterious missing
packets.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for 3.2.0.3
Received on Tue Nov 09 2010 - 05:57:56 MST
