[squid-users] FW: Encrypted browser-Squid connection errors

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Oct 25 08:43:54 UTC 2022


>On 10/21/22 2:25 AM, Matus UHLAR - fantomas wrote:
>>apparently this is a hack to be able to define proxy autoconfig in 
>>the location field.
>>
>>Since it has very restricted capabilities, it's apparently a non-issue.
>>
>>I guess that you can only define FindProxyForURL() this way.

On 21.10.22 11:25, Grant Taylor wrote:
>From memory, the only effective difference between explicit proxy mode 
>and transparent proxy mode (from Squid's point of view) is the use of 
>the `CONNECT` vs `GET` et al, command and how the hostname is 
>specified.

If by "transparent" you mean "intercepting" proxy, that is incorrect.


CONNECT is an HTTP command designed for use with an explicit HTTP proxy.

>>I think Adam Meyer also explained it nicely.
>
>Yes, Adam said that 3128 is a /convention/.

OK, there's no explicit need. And since there's no explicit need to use port 
80 for an HTTP proxy, the convention is to use a different port because of 
the reasons stated before.

>>I repeat, FTP protocol does not support proxies and port 21 would be 
>>of low usage here.
>
>I remember reading things years ago where people would use a bog 
>standard FTP client to connect to an /FTP/ server acting as an /FTP/ 
>proxy.  I believe they then issued `OPEN` commands on the /FTP/ proxy 
>just like they did on their /FTP/ client.  --  My understanding was 
>that this had absolutely /nothing/ to do with /HTTP/, neither protocol 
>nor proxy daemon.  Nor was it telnet / rlogin / etc. to run a standard 
>ftp client on a bastion host.  Though that was also a solution at the 
>time.


On 21.10.22 11:51, Grant Taylor wrote:
>I knew that I had seen something about using an FTP proxy that wasn't 
>HTTP related.
>
>I encourage you to read ~/.ncftp/firewall for more details. 
>Conveniently copied below.
>
>I'd like to point out two things:
>
>1)  The syntax and ports used only reference FTP.
>2)  The 'NcFTP does NOT support HTTP proxies that do FTP, such as 
>"squid" or Netscape Proxy Server.  Why?  Because you have to 
>communicate with them using HTTP, and this is a FTP only program.'
>
>So ... yes, I am quite certain that there are FTP /proxies/ that are 
>NOT using HTTP.

These are the FTP protocol "hacks" I mentioned before.
The HTTP protocol was created with proxying in mind, FTP was not.
Using a specially crafted login name for connecting to another server is one of 
those hacks.


-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
The 3 biggest disasters: Hiroshima 45, Tschernobyl 86, Windows 95

