Re: [squid-users] How to redirect / preserve header between source and destination?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 25 Apr 2011 19:16:53 +1200

On 23/04/11 17:23, Andreas Braathen wrote:
>
> Hi,
>
> I've noticed that squid manipulates the headers/traffic from a source
> towards a destination. The squid is acting like a mediator with my
> config - how is it possible to forward the exact header retrieved
> from a client without squid changing it?

There is no "Retrieved" from the client. It is *sent* by the client.

All headers are passed unchanged unless RFC 2616 explicitly states that
they SHOULD or MUST be changed. The change performed matches RFC requirements.

To make Squid do otherwise is an RFC violation and requires manual
configuration. "squid -k parse" should complain/warn about all
"violation" settings you have added.

>
> To make an example:
>
>   |source| <-----> |squid| <-----> |destination|
>
> Source is sending a GET request to destination:
> "http://domain.com:443/path". Squid sees that the URL is not an HTTP
> request, but a port 443 (i.e. HTTPS), and is therefore sending a
> SYN-packet to the destination to establish an SSL connection.

Yes. IANA has reserved port 443 for HTTPS protocol.
http://www.iana.org/assignments/port-numbers

What Squid does depends on the traffic "mode".
  * Forward proxy mode should see the "http://" and label it for HTTP
outgoing.
  * The various other modes will never see the "http://" part of the URL
and must assume the protocol flowing over port 443 is the protocol which
is supposed to be there.

>
> I think this _only_ applies with HTTP -> HTTPS traffic and not HTTP
> -> HTTP.
>
> Andreas

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.7 and 3.1.12.1
Received on Mon Apr 25 2011 - 07:17:01 MDT
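
The following is an added example, not part of the original message and not Squid's code: a small model of the header changes RFC 2616 asks of a proxy (hop-by-hop removal per sections 13.5.1 and 14.10, Via per section 14.45), showing which request headers pass through unchanged. The proxy name `proxy.example` and the sample headers are constructed assumptions.

```python
# Added example: models header handling RFC 2616 requires of a proxy.
# Not Squid's implementation; proxy name and sample request are constructed.

# RFC 2616 section 13.5.1: hop-by-hop headers, valid for one connection only.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailers", "transfer-encoding", "upgrade",
}


def forward_headers(headers, proxy_name="proxy.example", http_version="1.1"):
    """Return (forwarded, changes) for a list of (name, value) request headers."""
    # Section 14.10: every header named in Connection is hop-by-hop as well.
    listed = set()
    for name, value in headers:
        if name.lower() == "connection":
            listed.update(t.strip().lower() for t in value.split(",") if t.strip())
    drop = HOP_BY_HOP | listed

    forwarded, changes = [], []
    for name, value in headers:
        if name.lower() in drop:
            changes.append(f"removed {name}")
        else:
            forwarded.append((name, value))  # end-to-end: passed unchanged
    # Section 14.45: the proxy records itself in Via. A new Via line placed
    # after any existing ones is equivalent to appending to the list.
    forwarded.append(("Via", f"{http_version} {proxy_name}"))
    changes.append("added Via")
    return forwarded, changes


# Constructed sample: request headers as a client might send them to a proxy.
SAMPLE = [
    ("Host", "domain.com"),
    ("User-Agent", "example-client/1.0"),
    ("Connection", "keep-alive, X-Session-Hint"),
    ("Keep-Alive", "300"),
    ("X-Session-Hint", "abc"),
    ("Accept", "*/*"),
]

if __name__ == "__main__":
    out, log = forward_headers(SAMPLE)
    for name, value in out:
        print(f"{name}: {value}")
    print(log)
```

Comparing the `changes` list against a packet capture on both sides of the proxy is a quick way to tell RFC-mandated rewriting apart from changes caused by local configuration.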