[squid-users] squid + tproxy is not working properly when using url_rewriter and local apache script for youtube caching

From: x-man <x-man_at_vivateam.org>
Date: Wed, 18 Apr 2012 08:27:59 -0700 (PDT)

Hello there,

I'm using squid transparent proxy for caching and I have also youtube
caching done with url_rewrite and apache script running on same machine as
squid.

It was all working fine, until I decided to go with TPROXY, as it has many
benefits. When I implemented the tproxy rules in iptables, everything
continued to work except the playing of youtube videos - where the
url_rewriter and the apache script come into play. The url_rewriter
redirects the youtube requests to a local .php script working on the Apache
(on same machine)

I think it has something to do with how squid communicates with the local
apache process (where the software for youtube caching works) and somehow
the tproxy is screwing this up, because after implementing the tproxy the
requests to the Apache are sent with the USER-IP (previous without tproxy,
it was with SQUID-IP) and the reply from the apache script probably goes
directly the user, instead of returning back through the squid process.

Also the apache script should be able to freely communicate with the real
youtube servers, to fetch the video from there.

Here are my rules for tproxy, but I think they are pretty standart:

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j TPROXY
--tproxy-mark 0x1/0x1 --on-port 8081

echo 1 > /proc/sys/net/ipv4/ip_forward
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

The system is UBUNTU 12.04 with squid version 3.1.19.

Anyone experienced same problem and eventually some workaround with the
Squid options or with iptables rules? 

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-tproxy-is-not-working-properly-when-using-url-rewriter-and-local-apache-script-for-youtube-cacg-tp4568053p4568053.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Wed Apr 18 2012 - 15:28:01 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 19 2012 - 12:00:03 MDT