[squid-users] use of "myport" in transparent proxy situation

From: David Lau <mintypickle@dont-contact.us>
Date: Sun, 12 Feb 2006 15:27:25 -0600

Hi, all,

I searched the archives for this and only saw one short thread regarding the
topic. Since squid 2.5 came out, I have been using squid and squidguard it
to secure the wireless network at my office building, forcing employees to
enter a password that changes on a regular basis before allowing them to
use the internet. I have been accomplishing that with a squid config file that
boils down to the following:

http_port 3128 8282
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
...
...
redirect_program /usr/bin/squidGuard
redirect_children 10
acl unauthorized myport 8282
redirector_access allow unauthorized
acl all src 0.0.0.0/0.0.0.0
http_access allow all
icp_access allow all

So basically your typical transparent proxy setting. Before a user is
authenticated, iptables is redirecting port 80 to port 8282, which then goes
to squidguard, which does its redirector magic. After authentication,
iptables redirects to port 3128, and plain old transparent proxy takes
place.

This has been working beautifully up until 2.5.stable9, and has been broken
(or "fixed", depending on who you ask!) ever since then. Nothing ever gets
sent to squidguard now, it seems that the "myport 8282" acl never matches,
and everything winds up going to "acl all src 0.0.0.0/0.0.0.0". Is there
any way to make "myport" or "myip" work anymore in a transparent proxy
situation?

Thanks in advance for any help,
-Dave
Received on Sun Feb 12 2006 - 14:33:53 MST

This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:03 MST