[squid-users] Squid CONNECT tunnel

roee klinger roeeklinger60 at gmail.com
Wed May 4 16:30:05 UTC 2022


Hey Alex,

Thanks for the reply.

Basically, I need to set up a cache_peer, and have all traffic to it be sent using CONNECT, and add an HTTP CONNECT header such as:
CONNECT test1 HTTP/1.1\r\n\r\n

Is that possible with Squid?

Thanks,

On 3 May 2022, 16:30 +0300, Alex Rousskov <rousskov at measurement-factory.com>, wrote:
> On 5/3/22 06:12, roee klinger wrote:
> > Hey,
> >
> > I am trying to use Squid with FTP server TCP Port Multiplexing, on the
> > FRP documentation (https://github.com/fatedier/frp#tcp-port-multiplexing),
> > it says:
> >
> > frp supports receiving TCP sockets directed to different proxies on
> > a single port on frps, similar to vhost_http_port and vhost_https_port.
> >
> > The only supported TCP port multiplexing method available at the
> > moment is httpconnect - HTTP CONNECT tunnel.
> >
> > When setting tcpmux_httpconnect_port to anything other than 0 in
> > frps under [common], frps will listen on this port for HTTP CONNECT
> > requests.
> >
> > The host of the HTTP CONNECT request will be used to match the proxy
> > in frps. Proxy hosts can be configured in frpc by configuring
> > custom_domain and / or subdomain under type = tcpmux proxies, when
> > multiplexer = httpconnect.
> >
> > In the above configuration - frps can be contacted on port 1337 with
> > a HTTP CONNECT header such as:
> > CONNECT test1 HTTP/1.1\r\n\r\n
> >
> > and the connection will be routed to proxy1.
> >
> >
> >
> > I have been struggling to find info about the use of CONNECT tunnels in
> > Squid, the only page that seems to be talking about it is this:
> > https://wiki.squid-cache.org/Features/HTTPS, and the link it points to
> > is broken.
> >
> > My question is, how can I use this with Squid? Can I configure Squid to
> > receive traffic and then send it out to FRP with a custom CONNECT header?
> >
> > I am not sure if this is only good for web servers, or if upstream proxy
> > servers can use this method too.
>
> CONNECT is usually used for opening TCP tunnels through HTTP proxies.
> Squid uses CONNECT (only) when the HTTP protocol requires such use:
> Squid will send a CONNECT request if you configure Squid to talk to a
> configured cache_peer (without an originserver flag), provided Squid
> needs to open a TCP tunnel through that cache_peer.
>
> Squid uses TCP tunnels in several cases. The most common use case is
> when Squid is forwarding a received CONNECT request (or an intercepted
> TLS connection) through a cache_peer.
>
> I have not studied FRP documentation and do not know how it all maps to
> your specific use case, but if you can summarize your use case in basic
> FTP/HTTP/TLS terms (e.g. Squid receives FTP request X and should send
> HTTP request Y), we may be able to help you with Squid configuration.
>
> Alex.
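Added example (not part of the original thread, and not frp or Squid code): a Python illustration of the host-based routing that the quoted frp documentation describes, showing how the target in a CONNECT request line selects a proxy. The ROUTES table, the function names and the validation rules are assumptions made for the illustration; only the "test1" to "proxy1" mapping comes from the quoted text.

```python
# Added illustration; not frp or Squid code. ROUTES is a constructed table.
ROUTES = {"test1": "proxy1"}  # CONNECT host -> proxy name (from the quoted example)


class BadRequest(ValueError):
    """Raised when the request head is not an acceptable CONNECT request."""


def connect_host(head: bytes) -> str:
    """Return the lower-cased host named in a CONNECT request head."""
    if not head.endswith(b"\r\n\r\n"):
        raise BadRequest("request head not terminated by an empty line")
    try:
        request_line = head.split(b"\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        raise BadRequest("non-ASCII request line")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise BadRequest("malformed request line")
    method, target, version = parts
    if method != "CONNECT":
        raise BadRequest("only CONNECT is accepted on a tunnel port")
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise BadRequest("unsupported HTTP version")
    # The target is "host" (as in the quoted frp example) or "host:port".
    if target.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:443
        host, sep, rest = target[1:].partition("]")
        if not sep or (rest and not rest.startswith(":")):
            raise BadRequest("bad IPv6 target")
        port = rest[1:]
    else:
        host, _, port = target.partition(":")
    if not host or (port and not (port.isdigit() and 0 < int(port) < 65536)):
        raise BadRequest("bad target")
    return host.lower()


def route(head: bytes):
    """Return the proxy name for a request head, or None if no proxy matches."""
    return ROUTES.get(connect_host(head))
```

Only the host part of the target takes part in the lookup, so "CONNECT test1 HTTP/1.1" and a "test1:443" target with extra header lines select the same proxy, while anything that is not a well-formed CONNECT is rejected before routing.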

