[squid-users] Squid 4.8+ intercept

Grant Taylor gtaylor at tnetconsulting.net
Thu Aug 11 03:47:32 UTC 2022


On 8/10/22 3:47 AM, ngtech1ltd at gmail.com wrote:
> If the proxy sits in the same network that the clients sit it won’t work.

Why not?

Is this because of -- what I call -- the TCP triangle problem?  - 
Meaning that Squid sees the source as the client and replies directly?

If that's the case, you can cheat by SNATing the traffic that's going to 
Squid such that Squid sees the router as the source of the traffic. 
Thus Squid replies to the router which unDNATs it and sends it back to 
the original / real client.

Aside:  Isn't this what WCCP was originally meant to address?  Is WCCP a 
non-starter any more?  Even with TLS bump / monkey in the middle?



-- 
Grant. . . .
unix || die
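
The two cases the message above describes, traced as an added sketch that is not part of the original post: a router DNATs a same-LAN client's connection to Squid, once without and once with SNAT. All addresses, the client port and Squid port 3129 are constructed assumptions.

```python
# Constructed addresses (assumptions, not from the original message).
CLIENT, ROUTER, SQUID, ORIGIN = "192.0.2.10", "192.0.2.1", "192.0.2.20", "203.0.113.80"

def simulate(snat: bool) -> dict:
    """Trace one intercepted TCP connection; client and Squid share a LAN."""
    # 1. The client opens a connection to the origin server, port 80.
    sent = (CLIENT, 40000, ORIGIN, 80)          # src, sport, dst, dport
    # 2. The router DNATs it to Squid and, optionally, SNATs it to itself.
    #    Its connection table maps the translated tuple to the original one.
    fwd = (ROUTER if snat else CLIENT, sent[1], SQUID, 3129)
    conntrack = {fwd: sent}
    # 3. Squid answers whatever source address it saw.
    reply = (fwd[2], fwd[3], fwd[0], fwd[1])
    via_router = reply[2] == ROUTER
    if via_router:
        # 4a. The reply reaches the router, which reverses both translations.
        orig = conntrack[(reply[2], reply[3], reply[0], reply[1])]
        reply = (orig[2], orig[3], orig[0], orig[1])
    # 4b. Otherwise same-subnet delivery bypasses the router: no un-DNAT.
    # 5. The client only accepts a reply from the address/port it contacted.
    expected = (sent[2], sent[3], sent[0], sent[1])
    return {
        "squid_sees_source": fwd[0],
        "reply_via_router": via_router,
        "reply_source_at_client": f"{reply[0]}:{reply[1]}",
        "client_accepts": reply == expected,
    }

if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "no SNAT", simulate(snat))
```

With SNAT, `squid_sees_source` is the router's address, so Squid's access log and `src` ACLs no longer see the real client.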
