[squid-dev] Forcing interception(transparent) mode, disabling NS lookups, and 'secretly' forwarding connections

Alex Rousskov rousskov at measurement-factory.com
Mon Apr 5 01:51:13 UTC 2021 

On 4/4/21 7:06 PM, Joshua Rogers wrote:
> I ended up finding a solution.
> 
> http->uri in the ConnStateData::parseHttpRequest function can simply be
> rewritten to be http://localhost:80/ <http://localhost:80/>. You can
> also manually set COMM_INTERCEPTION a little bit before that.

You may also be able to use a cache_peer or URL rewriter for this.

Alex.


> On Sun, Apr 4, 2021 at 11:31 PM Joshua Rogers wrote:
> 
>     Hi all,
> 
>     I have an extremely specific question about manipulating Squid to
>     run to in a very specific way.
>     Due to the complexity, I will gladly accept a "not possible" answer.
> 
>     I need to make the following changes to Squid, or somehow manipulate
>     Squid to:
> 
>     1) Always consider a client intercepted. This would mean
>     that COMM_INTERCEPTION is set for every client no matter what.
> 
>     2) NS lookups for domains needs to be disabled or simply return
>     localhost. I have considered setting AI_NUMERICHOST flag for every
>     getaddrinfo() call, but I don't think this function is used for
>     making connections to a website (gethostbyname seems to be used in
>     some places).
> 
>     3) Every outward connection Squid makes needs to be forwarded to
>     localhost on a specific port.
> 
> 
>     Why do I need to do this?
>     I have a large set of files which contain HTTP requests (headers
>     included).
>     I have a large set of files which contain HTTP responses (headers
>     included).
> 
>     I would like to loop the HTTP requests, sending each request to
>     Squid, and then I would like to run a loop, responding with each of
>     the HTTP responses I have stored. The idea is to get a nice code
>     coverage report which I can use for research later on.
> 
>     Like I said, this is a bit complicated, but I thought I would act,
>     perhaps somebody has an interesting idea how to do this :-). It will
>     most certainly require me to somehow defile the source code, but
>     this is just temporary and is nothing to do with a production service.
> 
>     Happy to hear any ideas.
> 
>     Cheers,
>     Josh

More information about the squid-dev mailing list