[squid-users] Capture incoming information from one squid to another.
Alex Rousskov
rousskov at measurement-factory.com
Tue Aug 30 21:00:53 UTC 2022
Chris,

Your [open proxy] configuration prohibits Squid from going direct
("never_direct allow all") but does not configure any cache_peers as an
alternative. Thus, Squid cannot forward any requests. Either remove
never_direct or add cache_peer(s). I recommend the former as a simpler
starting point.

Also, AFAICT, you are using direct curl-to-Squid TCP connections while
testing an http_port configured for _intercepted_ traffic. Perhaps that
explains why Squid does not even respond with an error page, but I am
not sure.

HTH,

Alex.

On 8/30/22 13:32, Chris XMT wrote:
> I'm still not having any luck. I'd like to just leave it open and I
> understand that it could be abused. My "CURL" results are;
>
> curl -v --proxy http://SQUID_SERVER:3128 -I http://www.example.com
> * About to connect() to proxy SQUID_SERVER port 3128 (#0)
> * Trying xxx.xxx.xxx.xxx...
> * Connected to SQUID_SERVER (xxx.xxx.xxx.xxx) port 3128 (#0)
> > HEAD http://www.example.com/ HTTP/1.1
> > User-Agent: curl/7.29.0
> > Host: www.example.com
> > Accept: */*
> > Proxy-Connection: Keep-Alive
> >
> * Empty reply from server
> * Connection #0 to host SQUID_SERVER left intact
> curl: (52) Empty reply from server
>
> This is my configuration;
>
> dns_v4_first on
> never_direct allow all
> sslproxy_cert_error allow all
> http_port 3128 intercept
> acl all src all
> http_access allow all
>
> acl Safe_ports port 443
> acl Safe_ports port 80 # http
> http_access deny !Safe_ports
>
> acl http proto http
> acl port_80 port 80
> acl port_443 port 443
> acl CONNECT method CONNECT
>
> debug_options ALL,1 33,2 28,9
>
> On Wed, Aug 17, 2022 at 2:01 PM Alex Rousskov
> <rousskov at measurement-factory.com> wrote:
>
> On 8/15/22 21:49, Marcelo wrote:
>
> > How can I transfer connection information from one squid server
> > to another?
>
> Use cache_peer login=PASSTHRU or login=PASS. Other login=... options may
> also be of interest. See cache_peer documentation in your
> squid.conf.documented for details and caveats.
>
> HTH,
>
> Alex.
>
> > Example:
> >
> > A user connects to Squid One (Squid One IP 192.1.1.1) through port 4000
> > using usr/pw credentials.
> >
> > Squid One authenticates it via SQL DB. This part is already working fine.
> >
> > Squid One verifies if destination website is in dst domain list.
> >
> > If yes Squid One routes it to Route A. End of story.
> >
> > If no Squid One routes it to Squid Two.
> >
> > But Squid One must inform Squid Two who is the user and which port he
> > asked to connect.
> >
> > Why? Because Squid Two must use this info as if the user itself is
> > connecting to Squid Two.
> > Why, again? Because Squid Two will use this info to route this user to
> > the correct route. This part is also done.
> >
> > My doubt is, is there a way to make Squid Two “think” that user is
> > connecting direct to Squid Two, so that, Squid Two can use user/port
> > information to route this poor little guy.
> >
> > It’s a bit hard to explain it through email.
> >
> > Best Regards.
> >
> > Marcelo.
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
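
An added example, not part of the original thread and not Squid project code: a small Python check for the two configuration problems Alex describes (never_direct allow all with no cache_peer, and an http_port marked intercept that is being tested with explicit-proxy connections). It goes one step beyond the reply by also flagging http_access rules that follow "http_access allow all", which are never evaluated because the first matching http_access rule decides. The sample configuration is reconstructed from the one quoted above, the function names are hypothetical, and comment stripping is simplified to "everything after #".

```python
# Constructed sample: the directives from the configuration quoted in this thread.
SAMPLE_CONF = """\
dns_v4_first on
never_direct allow all
sslproxy_cert_error allow all
http_port 3128 intercept
acl all src all
http_access allow all
acl Safe_ports port 443
acl Safe_ports port 80 # http
http_access deny !Safe_ports
debug_options ALL,1 33,2 28,9
"""

def parse(conf):
    """Return (lineno, directive, args) for each non-empty, non-comment line."""
    rules = []
    for n, raw in enumerate(conf.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # assumption: '#' starts a comment
        if tokens:
            rules.append((n, tokens[0], tokens[1:]))
    return rules

def lint(conf):
    """Flag forwarding dead ends, intercept ports and shadowed http_access rules."""
    rules, findings = parse(conf), []
    has_peer = any(d == "cache_peer" for _, d, _ in rules)
    allow_all_at = None  # line of the first "http_access allow all", if any
    for n, d, args in rules:
        if d == "never_direct" and args[:2] == ["allow", "all"] and not has_peer:
            findings.append((n, "never_direct allow all without any cache_peer: "
                                "Squid has no way to forward requests"))
        elif d == "http_port" and "intercept" in args[1:]:
            findings.append((n, "intercept port: expects intercepted traffic, "
                                "not explicit proxy connections (curl --proxy)"))
        elif d == "http_access":
            if allow_all_at is not None:
                findings.append((n, f"never reached: line {allow_all_at} "
                                    "already allows every request"))
            elif args == ["allow", "all"]:
                allow_all_at = n
    return findings

if __name__ == "__main__":
    for lineno, msg in lint(SAMPLE_CONF):
        print(f"line {lineno}: {msg}")
```
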