Re: Help with transparent cache from Matt Ashfield on 1999-10-22 (squid-users)

From: Matt Ashfield <mda@dont-contact.us>
Date: Fri, 22 Oct 1999 14:09:42 -0300

Hi,

THanks for the response. I obviously have some learning to do, but my basic
quesiton is to run squid as a transparent cache do I need a firewall?

Cheers

Matt
mda@unb.ca

-----Original Message-----
From: Dave J Woolley <DJW@bts.co.uk>
To: 'squid-users@ircache.net' <squid-users@ircache.net>
Date: Friday, October 22, 1999 11:55 AM
Subject: RE: Help with transparent cache

>> From: Matt Ashfield [SMTP:mda@unb.ca]
>>
>> I'm new to squid, so I apologize if this is a newbie question. I'm trying
>> to
>> set up a transparent webcache using squid.
>>
> This should be treated as an advanced TCP hackers question,
> not a newbie question - things will work much better from a
> technical point of view if you use the web server the way
> it was intended to be used.
>
>> - Users requests a web page from webserver
>>
> Browser looks up the first matching valid IP address for the
> server and tries to send to that.
>
>> - router routes the request to the squid box
>>
> Somehow communicating the existing destination IP address
> (I don't know the details of the CISCO method, but the Linux
> method is that the router and squid box must be the same and
> the intercepted IP address is treated as a transient alias
> of the squid box address.)
>
> Alternatively, the browser uses the HTTP/1.1 Host header to indicate
> the real target.
>
>> - squid does what squid is supposed to do and returns either a cached
>> version of the requested web page or goes to the webserver and returns
>> one
>> from there.
>>
> Squid looks up the IP address that it is pretending to be for this
> request, to find the real host name, or uses the HOST header, and
> processes the resulting request as though it had been a proxy
>request
> (with the destination host in the actual URL).
>
> If the reverse look up fails, it probably uses the IP address; if
>the
> first IP address for the service is down, the request fails.
>
> The firewall recognizes that the forwarded request comes from the
> squid box and handles it normally rather than hacking it back to
> the squid box.
>
> Meanwhile, the client doesn't believe that there is a proxy, so will
> not do any of the processing it would normally do for for a proxy
> request.
>
>
>
Received on Fri Oct 22 1999 - 11:20:54 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:01 MST