Thank you very much for your response.
Exactly creating a route policy in my firewall, modifying Squid's
installation, and making the NAT in the box Squid is it worked!!!
Once again thank you very much for your help.
2013/5/1 Amos Jeffries <squid3_at_treenet.co.nz>:
> On 2/05/2013 1:42 a.m., Pablo Ruben M wrote:
>>
>> I have Squid's new installation 3.3.3 behind a Firewall NAT and do not
>> achieve that it works. Placing the debug in ALL, 3 I obtain the
>> following mistakes:
>>
>> HTTP/1.1 400 Bad Request
>> Server: squid/3.3.3
>> Mime-Version: 1.0
>> Date: Wed, 01 May 2013 12:19:08 GMT
>> Content-Type: text/html
>> Content-Length: 3229
>> X-Squid-Error: ERR_INVALID_URL 0
>> Vary: Accept-Language
>> Content-Language: en
>> X-Cache: MISS from proxy02
>> Via: 1.1 proxy02 (squid/3.3.3)
>> Connection: close
>>
>> In the web browser I obtain:
>>
>> The following error was encountered while trying to retrieve the URL: /
>>
>> Invalid URL
>>
>> I have Squid's installation 2.7 working without problems. Does it
>> change radically the installation into Squid 3?
>
>
> No. The changes required to make 3.2and later work are also required to make
> version 2.5 to 3.1 work properly. The older versiosn were just hiding the
> problem and allowing hackers to use the proxy unrecorded (CVE-2009-0801 is
> one of the effects).
>
> Solution: separate the Squid http_port from intercepted traffic from the
> configured proxy traffic.
>
>
> Also, the firewall NAT must be done on the Squid device. If the firewall
> device is separate from the Squid device, you require policy routing (or
> WCCP) to pass traffic without altering the IP details from the firewall
> device to the squid device where NAT can take place.
>
> Amos
>
-- Saludos, Pablo R MaldonadoReceived on Thu May 02 2013 - 18:01:57 MDT
This archive was generated by hypermail 2.2.0 : Fri May 03 2013 - 12:00:13 MDT