[squid-dev] TCP passthrough of non-HTTP protocols

Dave Lewthwaite Dave.Lewthwaite at realitymine.com
Wed Feb 3 15:57:52 UTC 2016


Hi,

When evaluating Squid 4 recently, I came across an issue (actually it’s an old issue that’s been posted about before) where, if you are performing transparent proxying (iptables or other) and a non-HTTP-based protocol appears on the relevant port (80/443), Squid will log error:invalid-request and the connection fails.

Is there any scope for inspecting the received request and, if it’s not HTTP, simply passing it through a TCP session to the destination server? Specifically, this has been an issue for SSL connections where they use SSL/TLS on port 443 but the decrypted protocol isn’t actually HTTP – intercepting these sessions will fail even if the SSL part worked correctly.


Even if the above isn’t possible, it’s quite hard to debug, as the %<A / %<a log parameters don’t seem to be populated when Squid logs error:invalid-request – surely this is possible, since we should at least have basic TCP information about the session?
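
The inspection asked about above, sketched as an added example (not code from the original post or from Squid): classify the first client bytes as an HTTP request, a TLS ClientHello or something else, and relay the last as a plain TCP tunnel, including when the bytes come from an already decrypted TLS session. The function names, the method allow-list and the 8192-byte limit are assumptions, and the sample inputs are constructed.

```python
import re

# Assumed allow-list of HTTP/1.x methods; a real proxy's list may differ.
HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS",
                b"CONNECT", b"TRACE", b"PATCH")
REQUEST_LINE = re.compile(rb"^[A-Z]+ [^ \r\n]+ HTTP/1\.[01]\r?\n")
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
MAX_LINE = 8192  # assumed cap on bytes buffered while waiting for a request line


def classify(data: bytes) -> str:
    """Classify the first client bytes: 'http', 'tls', 'other' or 'need-more'."""
    if not data:
        return "need-more"
    if data[0] == 0x16:  # TLS record type: handshake
        if len(data) < 6:
            return "need-more"
        # Record version major 0x03, handshake type 0x01 (ClientHello) at offset 5.
        return "tls" if data[1] == 0x03 and data[5] == 0x01 else "other"
    if data.startswith(H2_PREFACE):
        return "http"
    if H2_PREFACE.startswith(data):
        return "need-more"
    head = data[:8]  # longest method is 7 bytes, so a space must appear by here
    if b" " not in head:
        partial = any(m.startswith(data) for m in HTTP_METHODS)
        return "need-more" if partial else "other"
    if head.split(b" ", 1)[0] not in HTTP_METHODS:
        return "other"
    if b"\n" not in data:
        return "need-more" if len(data) < MAX_LINE else "other"
    return "http" if REQUEST_LINE.match(data) else "other"


def action(data: bytes, decrypted: bool = False) -> str:
    """Map the classification to what an intercepting proxy would do next."""
    kind = classify(data)
    if kind == "http":
        return "parse-http"
    if kind == "need-more":
        return "read-more"
    if kind == "tls" and not decrypted:
        return "tls-handshake"
    return "tunnel"  # non-HTTP (or nested TLS): relay bytes to the original destination


# Constructed sample inputs: SSH banner on a redirected port, TLS ClientHello prefix.
SSH_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"
CLIENT_HELLO = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"
```

Logging the tunnel decision together with the original destination address gives the per-connection record that the post finds missing from error:invalid-request entries.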