[squid-users] intercepting traffic
Amos Jeffries
squid3 at treenet.co.nz
Thu Nov 19 03:42:22 UTC 2015
On 19/11/2015 3:08 p.m., Brendan Kearney wrote:
> I am trying to set up a transparent, intercepting squid instance, along
> side my existing explicit instance, and would like some input around
> what i have buggered up so far.
>
> i am running HAProxy in front of two squid instances, with the XFF
> header added by HAProxy. My squid configs are all set to follow the XFF
> for the real source and logging is setup around digesting XFF for the
> source.
>
> i took my config and added:
> http_port 192.168.88.1:3129 intercept
This tells Squid you are intercepting the traffic between HAProxy and Squid.
You describe HAProxy as explicitly sending traffic to the Squid, so
there is no need for interception into Squid.
>
> this tells me that i am getting to the squid instances via the load
> balancer, but i am running into the "NAT must occur on the squid box"
> rule, i think.
Yes. That rule and the intercept option that cause it does not apply
when the software sending traffic to Squid is explicitly configured.
Such as you describe HAProxy being.
Amos
More information about the squid-users
mailing list