[squid-users] Squid Transparent/intercept Issues

Yuri Voinov yvoinov at gmail.com
Mon Mar 20 15:44:27 UTC 2017


Did you tried our wiki:

http://wiki.squid-cache.org/ConfigExamples/Intercept

?

20.03.2017 21:26, christian brendan пишет:
> Hello Everyone,
>
> Squid Cache: Version 3.5.20
> OS: CentOS 7
>
> I have used squid for quite some times non transparently and it works,
> problem kicks in when: http_port 3128 transparent is enabled. 
> Access denied error page shows up when transparent is enabled
>
>
>   ERROR
>
>
>     The requested URL could not be retrieved
>
> ------------------------------------------------------------------------
>
> The following error was encountered while trying to retrieve the
> URL: http://www. <http://www.bing.com/>bing.com <http://bing.com/>
>
>     *Access Denied.*
>
> Access control configuration prevents your request from being allowed
> at this time. Please contact your service provider if you feel this is
> incorrect.
>
> Your cache administrator is root
> <mailto:root?subject=CacheErrorInfo%20-%20ERR_ACCESS_DENIED&body=CacheHost%3A%20radman.nocnet.comternet.com%0D%0AErrPage%3A%20ERR_ACCESS_DENIED%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Mon,%2020%20Mar%202017%2013%3A09%3A32%20GMT%0D%0A%0D%0AClientIP%3A%2010.24.7.101%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2F%20HTTP%2F1.1%0AUpgrade-Insecure-Requests%3A%201%0D%0AUser-Agent%3A%20Mozilla%2F5.0%20%28Windows%20NT%206.3%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML,%20like%20Gecko%29%20Chrome%2F56.0.2924.87%20Safari%2F537.36%0D%0AAccept%3A%20text%2Fhtml,application%2Fxhtml+xml,application%2Fxml%3Bq%3D0.9,image%2Fwebp,*%2F*%3Bq%3D0.8%0D%0AAccept-Encoding%3A%20gzip,%20deflate,%20sdch%0D%0AAccept-Language%3A%20en-US,en%3Bq%3D0.8%0D%0AVia%3A%201.1%20radman.nocnet.comternet.com%20%28squid%2F3.5.20%29%0D%0AX-Forwarded-For%3A%2010.24.7.99%0D%0ACache-Control%3A%20max-age%3D0%0D%0AConnection%3A%20keep-alive%0D%0AHost%3A%20www.servermom.org%0D%0A%0D%0A%0D%0A>.
>
>
>
> Some forums says
>
>
>       transparent was deprecated and replaced with "intercept"
>       <http://www.squid-cache.org/Doc/config/http_port/>
>
> while others says otherwise.
> Most confusing is, when http_port is set to transparent or intercept
> it gives the same result
> The only thing that seems to work is: http_port 3128 accel vhost
> allow-direct
> but i'm not comfortable with this because i do not think it was meant
> for transparent operations besides it blocks https sites on the squid
> host system.
>
> Please i need advice on transparent mode best practices.
>
> Is it http_port 3128 transparent or intercept or accel vhost allow-direct
>
> which one is supported by the current version of squid 3.5.20 ?
> Best Regards
> Thanks
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-- 
Bugs to the Future
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170320/180aeed7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170320/180aeed7/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170320/180aeed7/attachment-0001.sig>


More information about the squid-users mailing list