[squid-users] intercept vs. accel vhost allow-direct

sknz sakibnizam at gmail.com
Fri Sep 13 09:23:01 UTC 2019

Okay, forward proxy port updated to 3128.  This is my scenario here:

Internet <> eth0 LAN port <> Server
WIFI AP-User <> WIFI AP <> eth1 LAN port <> Server

So my AP-USER can browse HTTPS for now, but not HTTP. And Squid3 is handling
HTTP transparent proxy here. If I remove Squid3 from the scenerio, AP-USER
can browse both HTTP and HTTPS. In the server, CoovaChilli takes control of
the internal interface (eth1) using a raw promiscuous socket. It then uses
the tun0 to pass and receive packets to and from the WAN(eth0).

http_port 3128
http_port 3130 intercept

Even AP-USER can browse both http and https, if I replace the above config

http_port 3128 accel vhost allow-direct
-A PREROUTING ..... --dport 80 -j REDIRECT --to-ports 3128

It only doesn't work when I configure two-port and HTTP transparent proxy.

I tried dropping the drop rule, it doesn't work. Please check my full
iptables here: 

Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html

More information about the squid-users mailing list