Re: [squid-users] Transparent / Standard mode comparative

From: nipun_mlist Assam <nipunmlist_at_gmail.com>
Date: Wed, 12 Oct 2011 16:27:48 +0530

> Just a question Nipu,
>
> what are the real benefits of using "Tproxy" instead of just setting
> iptables rules and setting squid to transparent mode?
>
>
Actually, I was referring to squid with tproxy, where we configure squid
something like what is given below:
http_port 85 tproxy
http_port 86 ssl-bump cert=/extra/squid/etc/Centos6.0.pem tproxy

Yes, we need the iptables rules and squid has to listen transparently
on some ports.
But here squid is supposed to spoof the client IP and the root web
servers should not see the client (http client machine) IP. But that
is not happening.
Secondly, it doesn't work with HTTPS traffic.

A transparent proxy should be able to transparently send and receive
data without the client and servers being aware of a proxy in between.
If the web server sees the squid IP instead of the client IP, then I
think it is not fully transparent.

-Nipun

On Wed, Oct 12, 2011 at 2:15 PM, David Touzeau <david_at_touzeau.eu> wrote:
> On Wednesday 12 October 2011 at 09:46 +0530, nipun_mlist Assam wrote:
>> Squid in tproxy mode, doesn't work with HTTPS most probably. Secondly,
>> it doesn't spoof the client IP. I have fixed the issues for my work.
>> But wondering if the fix is already available somewhere.
>> -Nipu
>>
>> On Tue, Oct 11, 2011 at 4:32 PM, David Touzeau <david_at_touzeau.eu> wrote:
>> > On Tuesday 11 October 2011 at 11:50 +0200, Fred B wrote:
>> >> ----- "David Touzeau" <david_at_touzeau.eu> wrote:
>> >>
>> >> > Dear all
>> >> >
>> >> > I would like to know what the limitations are of using squid in
>> >> > transparent
>> >> > mode compared with using squid in standard mode
>> >> >
>> >> > I know there are
>> >> >
>> >> > Transparent mode limitations:
>> >> > No user authentication method.
>> >> > Not all HTTPS features.
>> >> >
>> >> > Does someone know what the other limitations are?
>> >> >
>> >> > Best regards.
>> >>
>> >> Hi David
>> >>
>> >> See http://wiki.squid-cache.org/SquidFaq/InterceptionProxy -> Concepts of Interception Caching
>> >>
>> >> Fred
>> >
>> >
>> > Thanks Fred, this is what I would like to find!
>> >
>> >
>
>
> Just a question Nipu,
>
> what are the real benefits of using "Tproxy" instead of just setting
> iptables rules and setting squid to transparent mode?
>
>
Received on Wed Oct 12 2011 - 10:57:55 MDT
