[squid-users] Client <-> Squid <-> WebServer packet flow

Amos Jeffries squid3 at treenet.co.nz
Wed Aug 26 05:21:12 UTC 2015

On 26/08/2015 2:33 p.m., SaRaVanAn wrote:
> Hi All,
> I have a basic question on Client - web server communication through Squid
> using transparent proxy.
> In case of transparent proxy, whenever a client tries to access a webpage,
> squid spoofs the packet and acts like a web server. In turn Squid initiates
> a new TCP connection with the web server.
> My clarification is like whether squid initiates a new TCP connection with
> webserver as soon as it receives a SYN packet from the client or after a
> TCP session has been established between the client and squid proxy server.
> I both the
> Client                Squid                Webserver
> ------------------------->
> <------------------------
> --------------------------->
> ------------------------------>
>                                                                 SYN

Not quite. Squid doesn't act like a web server exactly. It just avoids
using the proxy-only HTTP features in messages visible to the client.
For all other intents and purposes it is still a proxy and doing
proxying for this traffic.

Which partially answers your question. Since Squid is proxying these
messages - no, there is no server connection opened until one is needed.
After the caching logics have checked for HITs, adaptation and
re-writing checked for early responses/errors etc, and routing logics
decided what server(s) to try going to.

The spoofing of the client IP on TPROXY only affects the routing logics
by adding a restriction: only servers accessible to the client are
usable. Original dst-IP of the server the client was trying to reach is
also preferred over others for a more seamless/invisible/transparent
service and is the most likely to succeed on first-try. But other
destinations selected by the routing logics could easily be used if that
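
The ordering described in the reply above, as an added example that is not part of the original message and is not Squid code: a toy loopback proxy that opens its server connection only after the client's request has arrived and missed the cache. The names `CACHE`, `origin_connects`, `run_demo` and the host `example.test` are assumptions made for illustration, and no interception or IP spoofing is modelled.

```python
import socket, threading, time

CACHE = {}            # request line -> stored response (toy cache)
origin_connects = []  # one entry per TCP connection the origin accepts

def listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))   # constructed loopback endpoint, ephemeral port
    s.listen(8)
    return s

def origin_loop(srv):
    while True:
        conn, _ = srv.accept()
        origin_connects.append(1)
        conn.recv(4096)
        conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nhello")
        conn.close()

def proxy_loop(srv, origin_addr):
    while True:
        client, _ = srv.accept()       # client handshake is complete here
        req = client.recv(4096)        # block until the HTTP request arrives
        key = req.split(b"\r\n", 1)[0]
        if key and key not in CACHE:   # MISS: only now is a server connection needed
            up = socket.create_connection(origin_addr)
            up.sendall(req)
            CACHE[key] = up.makefile("rb").read()   # read until the origin closes
            up.close()
        client.sendall(CACHE.get(key, b""))
        client.close()

def run_demo():
    CACHE.clear(); origin_connects.clear()
    origin, proxy = listen(), listen()
    threading.Thread(target=origin_loop, args=(origin,), daemon=True).start()
    threading.Thread(target=proxy_loop, args=(proxy, origin.getsockname()), daemon=True).start()
    counts = []
    for attempt in range(2):
        c = socket.create_connection(proxy.getsockname())
        if attempt == 0:
            time.sleep(0.2)            # TCP session to the proxy is up, nothing sent yet
            counts.append(len(origin_connects))
        c.sendall(b"GET http://example.test/ HTTP/1.0\r\n\r\n")
        c.makefile("rb").read()        # wait for the full response
        c.close()
        counts.append(len(origin_connects))
    return counts
```

`run_demo()` returns the number of connections the origin has accepted at three points: after the client's handshake alone, after the first request (a MISS), and after the second identical request (a HIT).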

