Re: [squid-users] Transparent / Standard mode comparative

From: David Touzeau <david_at_touzeau.eu>
Date: Fri, 14 Oct 2011 00:42:10 +0200

On Wednesday, 12 October 2011 at 16:27 +0530, nipun_mlist Assam wrote:
> > Just a question Nipu,
> >
> > what are the real benefits of using "Tproxy" instead of just setting
> > iptables rules and setting squid to transparent mode?
> >
> >
> Actually, I was referring to squid with tproxy, where we configure squid
> something like as given below:
> http_port 85 tproxy
> http_port 86 ssl-bump cert=/extra/squid/etc/Centos6.0.pem tproxy
>
> Yes, we need the iptables rules and squid has to listen transparently
> on some ports.
> But, here squid is supposed to spoof the client IP and the root web
> servers should not see the client (http client machine) IP. But that
> is not happening.
> Secondly, it doesn't work with HTTPS traffic.
>
> A transparent proxy should be able to transparently send and receive
> data without the client and servers being aware of a proxy in between.
> If the web server sees the squid IP instead of the client IP, then I
> think, it is not fully transparent.
>
> -Nipun
>
> On Wed, Oct 12, 2011 at 2:15 PM, David Touzeau <david_at_touzeau.eu> wrote:
> > On Wednesday, 12 October 2011 at 09:46 +0530, nipun_mlist Assam wrote:
> >> Squid in tproxy mode, doesn't work with HTTPS most probably. Secondly,
> >> it doesn't spoof the client IP. I have fixed the issues for my work.
> >> But wondering if the fix is already available somewhere.
> >> -Nipu
> >>
> >> On Tue, Oct 11, 2011 at 4:32 PM, David Touzeau <david_at_touzeau.eu> wrote:
> >> > On Tuesday, 11 October 2011 at 11:50 +0200, Fred B wrote:
> >> >> ----- "David Touzeau" <david_at_touzeau.eu> wrote:
> >> >>
> >> >> > Dear all
> >> >> >
> >> >> > I would like to know what the limitations are of using squid in
> >> >> > transparent mode compared with using squid in standard mode.
> >> >> >
> >> >> > I know there are
> >> >> >
> >> >> > Transparent mode limitations :
> >> >> > No user authentication method.
> >> >> > Not all HTTPS features.
> >> >> >
> >> >> > Does someone know what the other limitations are?
> >> >> >
> >> >> > Best regards.
> >> >>
> >> >> Hi David
> >> >>
> >> >> See http://wiki.squid-cache.org/SquidFaq/InterceptionProxy -> Concepts of Interception Caching
> >> >>
> >> >> Fred
> >> >
> >> >
> >> > Thanks Fred, this is what I would like to find!
> >> >
> >> >
> >
> >
> > Just a question Nipu,
> >
> > what are the real benefits of using "Tproxy" instead of just setting
> > iptables rules and setting squid to transparent mode?
> >
> >

But what are the impacts of this

http_port 85 tproxy

compared with this

http_port 85 transparent
Received on Thu Oct 13 2011 - 22:42:29 MDT
