[squid-users] squid intercept config

Amos Jeffries squid3 at treenet.co.nz
Sat Mar 7 13:24:55 UTC 2015


On 8/03/2015 1:09 a.m., Monah Baki wrote:
> Forgot to paste my test.
> 
> Basically from my squid server:
> root at ISN-PHC-CACHE:/cache/squid/bin # ./squidclient -h www.cnn.com -H
> 'Host: www.cnn.com\n' -p 80
> HTTP/1.1 302 Found
> Server: Varnish
> Retry-After: 0
> Content-Length: 0
> Location: http://edition.cnn.com80

Um, that redirect URL is invalid. This Varnish is outputting garbage.


However, this test result does prove that output traffic from your Squid
should be fine. The test connecting to your port 3128 should confirm
that by getting the same or very similar result for normal traffic.


So the problem is on the input. It could still be at the client end, or
in the NAT redirection.

One thing I've not seen clarified in the discussion is which machine the
NAT rules have been placed (Squid box? or router?). Sorry if I missed that.
 The NAT operation MUST be done on the Squid box or the local machines
NAT system tells it the client was connecting to connect to
itself/Squid:3129 (which is the forwarding loop).

The router looks liek a Cisco device, so it must do L2 routing
redirection or WCCP to deliver packets to the Squid machine without
having altered their IP:port details in any way.

Amos



More information about the squid-users mailing list