[squid-users] FW: Encrypted browser-Squid connection errors

squid3 at treenet.co.nz
Wed Nov 2 04:43:55 UTC 2022


On 2022-11-02 15:35, Grant Taylor wrote:
> On 11/1/22 6:27 PM, squid3 wrote:
>> The working ones deliver an HTTP/1.1 302 redirect to their company's 
>> homepage if the request came from outside the company LAN. If the 
>> request came from an administrator's machine it may respond with stats 
>> data about the node being probed.
> 
> I suspect that Squid et al. could do similar.  ;-)
> 

Yes, they can be configured to do so if you need it.

Neither outcome avoids the problem that the client was trying to 
interact with a resource entirely different on another server whose info 
has been lost implicitly by the protocol syntax.

> 
>> I take it from your statement you have not worked on networks like 
>> web-cafes, airports, schools, hospitals, public shopping malls who all 
>> use captive portal systems, or high-security institutions capturing 
>> traffic for personnel activity audits.
> 
> I have worked in schools, and other public places, some of which had a 
> captive portal that intercepted to a web server to process registration 
> or flat blocked non-proxied traffic.  The proxy server in those cases 
> was explicit.
> 

They missed a trick then. If the registration process is simple, it can 
be done by Squid with a session helper and two listening ports. We even 
ship some ERR_AGENT_* templates for captive portal use.


> 
> The current default doesn't work on servers using NLD Active API 
> Server.


Reference? Google is not providing me with anything HTTP capable by that 
name or the obvious sub-sets.


>> And you were specifying the non-default-'http-alt' port via the 
>> "http://" scheme in yours.
>> Either way these are two different HTTP syntaxes with different "default 
>> port" values.
>> 
>> 
>> An agent supporting the http:// URL treats it as a request for some 
>> resource at the HTTP origin server indicated by the URL authority part 
>> or Host header.
>> 
>> An agent supporting the http-alt:// URL treats it as a request to 
>> forward-proxy the request-target specified in the URL query segment, 
>> using the upstream proxy indicated by the URL authority part or Host 
>> header.
> 
> If I'm understanding correctly, this is a case of someone asking Bob to 
> connect to Bob.  That's not a thing.  Just talk directly to Bob.

   http-alt://bob?http://alice/some/resource
Is instructing a client to ask proxy (Bob) to fetch /some/resource from 
origin (Alice). All the client "explicit configuration" is in the URL, 
rather than client config files or environment variables.

> 
>> The ones I am aware of are:
>>   * HTTP software testing and development
>>   * IoT sensor polling
>>   * printer network bootstrapping
>>   * manufacturing controller management
>>   * network stability monitoring systems
> 
> Why is anything developed in the last two decades green fielding with 
> HTTP/0.9?!?!?!
> 

The IoT stuff at least. The others are getting old, but more like 10+ 
years rather than 20+.


Cheers
Amos
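
The http:// versus http-alt:// distinction described in this message, as an added example that is not part of the original post or of Squid: it works out which host a client would connect to and what request line it would send for each URL form. The function name `plan_request` and the 8080 default (the IANA "http-alt" service port) are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: default port for the http-alt:// form is the IANA "http-alt" port.
HTTP_ALT_DEFAULT_PORT = 8080
HTTP_DEFAULT_PORT = 80


def plan_request(url):
    """Return (connect_host, connect_port, request_line, host_header).

    http://      -> talk to the origin named in the URL authority.
    http-alt://  -> talk to the proxy named in the URL authority and ask it
                    to fetch the absolute URL carried in the query segment.
    """
    outer = urlsplit(url)
    if not outer.hostname:
        raise ValueError("URL has no authority part")

    if outer.scheme == "http":
        # Origin-form request-target: path plus optional query.
        target = outer.path or "/"
        if outer.query:
            target += "?" + outer.query
        return (outer.hostname, outer.port or HTTP_DEFAULT_PORT,
                f"GET {target} HTTP/1.1", outer.netloc)

    if outer.scheme == "http-alt":
        # The query segment is the real destination; it must be absolute,
        # otherwise the proxy has no way to know which origin was meant.
        inner = urlsplit(outer.query)
        if inner.scheme != "http" or not inner.hostname:
            raise ValueError("query segment must be an absolute http:// URL")
        # Absolute-form request-target, Host names the origin, and the TCP
        # connection goes to the proxy.
        return (outer.hostname, outer.port or HTTP_ALT_DEFAULT_PORT,
                f"GET {outer.query} HTTP/1.1", inner.netloc)

    raise ValueError(f"unsupported scheme: {outer.scheme!r}")


if __name__ == "__main__":
    # Constructed sample inputs, using the names from the message.
    for sample in ("http://alice/some/resource",
                   "http-alt://bob?http://alice/some/resource"):
        print(sample, "->", plan_request(sample))
```
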

