[squid-users] intercepting traffic
bpk678 at gmail.com
Thu Nov 19 15:10:58 UTC 2015
So does that mean I can run the DNAT on the firewall/router/load balancer
device and remove the intercept line from my configs, and expect things to
On Nov 18, 2015 10:43 PM, "Amos Jeffries" <squid3 at treenet.co.nz> wrote:
> On 19/11/2015 3:08 p.m., Brendan Kearney wrote:
> > I am trying to set up a transparent, intercepting squid instance, along
> > side my existing explicit instance, and would like some input around
> > what i have buggered up so far.
> > i am running HAProxy in front of two squid instances, with the XFF
> > header added by HAProxy. My squid configs are all set to follow the XFF
> > for the real source and logging is setup around digesting XFF for the
> > source.
> > i took my config and added:
> > http_port 192.168.88.1:3129 intercept
> This tells Squid you are intercepting the traffic between HAProxy and
> You describe HAProxy as explicitly sending traffic to the Squid, so
> there is no need for interception into Squid.
> > this tells me that i am getting to the squid instances via the load
> > balancer, but i am running into the "NAT must occur on the squid box"
> > rule, i think.
> Yes. That rule and the intercept option that cause it does not apply
> when the software sending traffic to Squid is explicitly configured.
> Such as you describe HAProxy being.
> squid-users mailing list
> squid-users at lists.squid-cache.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the squid-users