[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Squid + ipfwadm redirect transparent problems

On Thu, 21 Aug 1997, Mike wrote:

> Jose Maria Omo Millan wrote:
> ># Redirect to Squid proxy server
> >/sbin/ipfwadm -I -a acc -P tcp -D default/0 80 -r 8080
> >    ERROR: The requested URL could not be retrieved
> >     While trying to retrieve the URL: / 
> 
> The http 1.0 protocol does not send requested IP address in the request. If
> a client asks for "http://www.playboy.com"; then he opens a TCP connection
> to 205.216.146.202:80 and sends the text "GET / HTTP/1.0". Your squid would
> need to ask the firewall what destination IP address was in the packet, and
> I guess it can't do that.
> 
> You can't mix proxies and straight http, they are different protocols.

Now I recall the trouble, you have to enable a Squid option for virtual
hosting. It will take the address from the socket which is how Transparent
Proxy communicates the address.

Be very aware that this is not nearly as good as using squid as a proxy
with a proxy protocol, your cache hits will go down because sites with
multiple IP's for their servers will be cached multiple times.

With the new http clients you might not have a problem, donno if squid
supports it.

Jason


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .
Reply to: