Re: [squid-users] squid non-accel default website

From: Nils Hügelmann <nils_at_huegelmann.info>
Date: Tue, 01 Mar 2011 16:43:40 +0100

Hi Amos,

are there any news about this?

Thanks,

Nils Hügelmann

> On Wed, 12 May 2010 23:02:08 +0200, Nils Hügelmann <n..._at_huegelmann.info>
> wrote:
> > Hi Henrik,
> >
> > thanks for the answer, a fallback feature for direct requests would be
> > great :-)
> >
> > regards
> > nils
> >
> > Am 12.05.2010 22:38, schrieb Henrik Nordström:
> >> tis 2010-05-11 klockan 17:04 +0200 skrev Nils Hügelmann:
> >>
> >>
> >>> At the current state, it shows an "invalid URL" ... "while trying to
> >>> retrieve the URL: /" error on direct access, which prevents using url
> >>> rewriters(and deny_info too?!) so how to do this?...
> >>>
> >> You can't.
> >>
> >> The reason is because Squid really need to know if an request is being
> >> proxied or accelerated as it have impact on how the request should be
> >> processed, and HTTP requires web servers (including accelerators) to
> >> also know how to process requests using full URL.
> >>
> >> Can't you move the proxy to a separate port, freeing up port 80 to be
> >> used as a web server?
> >>
> >> But yes, I guess we could add support for fallback mode when seeing an
> >> obvious webserver request on a proxy port instead of bailing out with
> >> invalid request.
> >>
>
> FYI:
> There are some security holes opened when defaulting to intercept or
> accel mode on supposedly forward traffic.
> Mandrivia has supplied captive-portal 'splash' pages for 3.2 that can be
> sent instead of the current invalid response page. If anyone can spare the
> time to implement a bit of polish let me know please, there are only two
> small'ish alterations needed to make this happen for 3.2.
>
> Amos
Received on Tue Mar 01 2011 - 15:43:20 MST

This archive was generated by hypermail 2.2.0 : Wed Mar 02 2011 - 12:00:01 MST