[squid-users] FW: Encrypted browser-Squid connection errors
Grant Taylor
gtaylor at tnetconsulting.net
Tue Oct 25 15:47:53 UTC 2022
On 10/25/22 2:43 AM, Matus UHLAR - fantomas wrote:
> if by "transparent" you mean "intercepting" proxy, that is incorrect
By "transparent" I mean using network techniques to force clients to use
a proxy that aren't themselves aware that they are using a proxy.
> CONNECT is HTTP command designed for use with explicit HTTP proxy.
Agreed.
But what does Squid do differently after recognizing the request from
the client; be it a GET, PUT, POST, or even a CONNECT; the former being
transparent with the latter being explicit. Squid will still proxy the
request as it understands it dependent on configuration, ACLs, etc.
I currently maintain that there is little difference, other than the
VERB used, between transparent and explicit proxy configuration. Squid
still largely does the same thing.
Or said another way, all Squid needed to do to be able to support both
transparent and explicit was to understand the additional VERBs. Much
of the rest of the code was unchanged.
To me there is not a fundamental difference, beyond initial VERBs, for
transparent and explicit configuration. At least not anything like the
differences between FTP, HTTP, and ICP. Each of which are fundamentally
different protocols. Conversely transparent vs explicit is an extension
of one protocol, namely HTTP.
> ok, there's no explicit need. And since there's no explicit need to use
> port 80 for HTTP proxy, the convention is to use different port because
> of reasons stated before.
So port 3128 is based on convention. And that convention requires more
explicit configuration in clients. Okay. So be it.
> These are the FTP protocol "hacks" I mentioned before.
> The HTTP protocol was created with proxying in mind, FTP was not.
> using specially crafted login name for connecting to anoter server is
> one of those hacks.
Okay.
I (mis)took "hacks" to be things more severe like is typically done with
proxifiers used with SOCKS servers, e.g. altering / overloading system
library calls.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4017 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20221025/952d9134/attachment.bin>
More information about the squid-users
mailing list