[squid-users] Squid Transparent/intercept Issues

christian brendan bosscb.chrisbren at gmail.com
Mon Mar 20 15:26:40 UTC 2017


Hello Everyone,

Squid Cache: Version 3.5.20
OS: CentOS 7

I have used squid for quite some time non-transparently and it works;
the problem kicks in when: http_port 3128 transparent is enabled.
An Access Denied error page shows up when transparent is enabled:
ERROR
The requested URL could not be retrieved
------------------------------

The following error was encountered while trying to retrieve the URL:
http://www.bing.com

*Access Denied.*

Access control configuration prevents your request from being allowed at
this time. Please contact your service provider if you feel this is
incorrect.

Your cache administrator is root.


Some forums say
transparent was deprecated and replaced with "intercept"
<http://www.squid-cache.org/Doc/config/http_port/>
while others say otherwise.
Most confusing is that when http_port is set to transparent or intercept it
gives the same result.
The only thing that seems to work is: http_port 3128 accel vhost
allow-direct
but I'm not comfortable with this because I do not think it was meant for
transparent operations; besides, it blocks https sites on the squid host
system.

Please, I need advice on transparent mode best practices.

Is it http_port 3128 transparent or intercept or accel vhost allow-direct?

Which one is supported by the current version of squid 3.5.20?
Best Regards
Thanks