[squid-users] FW: Encrypted browser-Squid connection errors

Grant Taylor gtaylor at tnetconsulting.net
Fri Oct 21 17:25:10 UTC 2022


On 10/21/22 2:25 AM, Matus UHLAR - fantomas wrote:
> apparently this is a hack to be able to define proxy autoconfig in the 
> location field.
> 
> Since it has very restricted capabilities, it's apparently a non-issue.
> 
> I guess that you can only define FindProxyForURL() this way.

ACK

Thank you for the additional details Matus.

> I know of such servers.

I did say /rarely/.  ;-)  I too have seen them.  They are just a 
disproportionately small number of web and proxy servers.

> And, HTTP proxy does not even have its own defined port, so people use random 
> ports or ports commonly used for this service.

Sure it does.  An HTTP proxy server is an HTTP server.  HTTP has port 80 
defined.

From memory, the only effective difference between explicit proxy mode 
and transparent proxy mode (from Squid's point of view) is the use of 
the `CONNECT` vs `GET` et al, command and how the hostname is specified.

> the beautiful nature of HTTP allows us to define port within URL,

That is a very nice convenience.  But a /convenience/ does not equate to 
a /need/.

> therefore people tend to use separate ports instead of allocating 
> extra IP addresses for proxy usage.

That is a convention.  But a /convention/ does not equate to a /need/.

> I think Adam Meyer also explained it nicely.

Yes, Adam said that 3128 is a /convention/.

convention != need

> That is FTP through HTTP proxy. Not FTP through FTP proxy.

Hum.  I want to disagree, but I don't have anything to counter that at 
the moment.

> I repeat, FTP protocol does not support proxies and port 21 would be of 
> low usage here.

I remember reading things years ago where people would use a bog 
standard FTP client to connect to an /FTP/ server acting as an /FTP/ 
proxy.  I believe they then issued `OPEN` commands on the /FTP/ proxy 
just like they did on their /FTP/ client.  --  My understanding was that 
this had absolutely /nothing/ to do with /HTTP/, neither protocol nor 
proxy daemon.  Nor was it telnet / rlogin / etc. to run a standard ftp 
client on a bastion host.  Though that was also a solution at the time.



-- 
Grant. . . .
unix || die
