[squid-users] Please help me, about non-HTTP protocol (DPORT 80)

Amos Jeffries squid3 at treenet.co.nz
Sun Aug 30 15:33:52 UTC 2015


On 30/08/2015 1:10 p.m., 贾凡 wrote:
> Please help me, about non-HTTP protocol (DPORT 80).
> 
> I installed a SQUID (3.5) on CentOS 6.5 as a web & video caching system (not a reverse proxy or cache).
> I use the TPROXY method following here: <http://wiki.squid-cache.org/Features/Tproxy4>
> 
> the section in this tutorial:
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
> 
> it will set the MARK on all the data incoming from the LAN area (condition: destination port is 80), and then
> Squid processes the data.

Yes. Amongst many other things, and only with support of the other rules
documented around it.

> 
> here, I want to ask a question:
> not all DPORT 80 data is HTTP protocol (for example: Tencent's IM service port is 80, but it is not HTTP protocol)
> 
> in this condition, the source client will have problems because the Squid box cannot correctly process the data.
> 
> then how does Squid process data whose dport is 80 but which is not HTTP protocol?

By rejecting. Port 80 is a *reserved* port for HTTP protocol use *only*.

Software that uses port 80 for non-HTTP protocols and messaging does so
for the explicit purpose of bypassing the network administrative
policies. Squid does not support that abuse of the port.

IM protocols in particular share most of their behaviour with REST HTTP
messaging design. So there is zero excuse for those IM services not to
be using HTTP syntax for their messages on port 80.


Squid-4 contains a directive on_unsupported_protocol that lets you
configure what happens.

Amos
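As an added illustration (not Squid's own code, and not part of the original thread), the check below shows what "rejecting" a non-HTTP stream on port 80 amounts to in practice: an intercepting proxy reads the first line of the TCP stream and tries to parse it as an HTTP/1.x request line. If it does not parse, the stream cannot be proxied as HTTP; the reply's two outcomes are modelled as the `respond` (reject with an error) and `tunnel` (relay the bytes to the original destination) actions of Squid-4's `on_unsupported_protocol` directive. The binary sample is a constructed placeholder, not a capture of any real IM protocol.

```python
import re

# RFC 7230 "token" characters: an HTTP method may contain only these.
TCHAR = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# method SP request-target SP HTTP/major.minor
REQUEST_LINE = re.compile(rb"^([^ ]+) ([^ ]+) HTTP/(\d)\.(\d)$")


def looks_like_http_request(data: bytes) -> bool:
    """Return True if the first line of a client stream parses as an HTTP/1.x request line."""
    # A decision needs one complete line; a binary protocol usually never sends one.
    end = data.find(b"\r\n")
    if end < 0:
        end = data.find(b"\n")
        if end < 0:
            return False
    line = data[:end].rstrip(b"\r")
    m = REQUEST_LINE.match(line)
    if not m:
        return False
    method, target, major, _minor = m.groups()
    if not TCHAR.match(method):
        return False
    # An http_port speaks HTTP/1.x; the HTTP/2 connection preface ("PRI * HTTP/2.0")
    # is deliberately not accepted here.
    if major != b"1":
        return False
    # request-target must be printable ASCII with no whitespace or control bytes
    if any(c < 0x21 or c > 0x7E for c in target):
        return False
    return True


def dispatch(data: bytes, on_unsupported_protocol: str = "respond") -> str:
    """Decide what an intercepting proxy does with the first bytes of a dport-80 stream.

    on_unsupported_protocol models the Squid-4 directive of the same name:
      "respond" -> reject the stream with an error (the behaviour described in the reply)
      "tunnel"  -> relay the raw bytes to the original destination without parsing them
    """
    if looks_like_http_request(data):
        return "parse-as-http"
    if on_unsupported_protocol == "tunnel":
        return "tunnel"
    return "reject"


# Constructed sample inputs (not captured traffic).
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
# Made-up binary framing standing in for "something on port 80 that is not HTTP".
BINARY_BLOB = b"\x02\x00\x00\x1a\x00\x01\xff\xfe" + b"\x00" * 16
# Text, but not a request line (no HTTP-version token).
BAD_LINE = b"HELLO world\r\n"
# HTTP/2 preface: well-formed text, still not HTTP/1.x.
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"


if __name__ == "__main__":
    for name, sample in [("GET", HTTP_GET), ("binary", BINARY_BLOB),
                         ("bad line", BAD_LINE), ("h2 preface", H2_PREFACE)]:
        print(f"{name:11s} respond={dispatch(sample):14s} tunnel={dispatch(sample, 'tunnel')}")
```

The check is intentionally strict about the request line only; a real proxy goes on to parse headers, but a stream that fails this first test is already outside HTTP and can only be error-responded or tunnelled, never cached.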


