On 20/07/2013 5:07 a.m., Guy Sass wrote:
> When I have squid set to act as a normal proxy (http_port 3128) and
> set my browser to use squid as a proxy, things work just fine.
>
> When I set squid transparent (http_port 3128 intercept) and then
> redirect normal outbound port 80 traffic to squid (with my browser
> unaware that it's being proxied), squid goes through the three way
> handshake process, gets my request, and dumps me:
<snip>
> I tried gutting my acls to see if that might have an effect, but it
> did not. Am I encountering some kind of bug, or merely doing something
> colossally stupid? See config, below:
There are two things in the config which might be hiding this type of
problem.
> http_port 3128 intercept
> #http_port 3128
You appear to have no separate forward-proxy and intercept-proxy ports.
Squid generates content in things like error pages which need to be
served up in forward-proxy or "accel" mode ports. If you serve them from
intercept-ports you end up with forwarding loops that can kill the whole
machine - that would appear as Squid "disconnecting".
Since Squid does or the machine goes down there is nothing logged
about such problems in access.log unless they are detected and halted by
forwarding loop protection ...
>
> coredump_dir /var/cache/squid
>
> forwarded_for transparent
> via off
>
"via" feature of HTTP is used by Squid to detect and terminate
forwarding loops before they get anywhere near causing major issues.
You are using "forwarded_for" in one of the new privacy settings, there
is little gained by disabling via as well and everything to loose.
Amos
Received on Sun Jul 21 2013 - 04:58:18 MDT
This archive was generated by hypermail 2.2.0 : Sun Jul 21 2013 - 12:00:05 MDT