[squid-users] intercepting traffic

Amos Jeffries squid3 at treenet.co.nz
Thu Nov 19 03:42:22 UTC 2015

On 19/11/2015 3:08 p.m., Brendan Kearney wrote:
> I am trying to set up a transparent, intercepting squid instance, along
> side my existing explicit instance, and would like some input around
> what i have buggered up so far.
> i am running HAProxy in front of two squid instances, with the XFF
> header added by HAProxy.  My squid configs are all set to follow the XFF
> for the real source and logging is setup around digesting XFF for the
> source.
> i took my config and added:
> http_port intercept

This tells Squid you are intercepting the traffic between HAProxy and Squid.

You describe HAProxy as explicitly sending traffic to the Squid, so
there is no need for interception into Squid.

> this tells me that i am getting to the squid instances via the load
> balancer, but i am running into the "NAT must occur on the squid box"
> rule, i think.

Yes. That rule and the intercept option that cause it does not apply
when the software sending traffic to Squid is explicitly configured.
Such as you describe HAProxy being.


More information about the squid-users mailing list