RE: [squid-users] squid as general tcp proxy

From: James Harper <james_at_ejbdigital.com.au>
Date: Fri, 18 Jul 2014 08:11:29 +0000

>
> On 17/07/2014 11:09 p.m., James Harper wrote:
> > Is there any way of configuring squid to proxy any tcp traffic on any
> > port? Obviously it can't filter on URL but can still filter on a few
> > other things, including ident user and IP address.
>
> Devices that do that are commonly called firewalls or deep packet
> inspection.
>

True, but squid has the advantage of a very nice ACL and permission infrastructure, rather than defining one set of rules for squid and another for iptables (which can't authenticate by identd afaik).

Using an https_port with transparent and ssl_bump none works - all connections are just plumbed straight through. The only issue is when the destination port is unreachable - then squid returns an error page, which is going to be completely unexpected by the client unless it is expecting HTTP. I assume that's an issue when just using https_port for actual SSL too, though.

James
Received on Fri Jul 18 2014 - 08:11:48 MDT
