MLUG: RE: [MLUG] Squid/FW Configuration

I know squid can do it, I just don't know how to do it with squid :) You
have squid listen to port 80 traffic and transparent proxy. Here's a fwd on
it though. I don't know if it will help - I saved it for a rainy day :)

-- Brent
-----Original Message-----
From: Nathan Odle [mailto:EMAIL:PROTECTED]
Sent: Thursday, March 01, 2001 7:46 PM
To: EMAIL:PROTECTED
Subject: [MLUG] Squid/FW Configuration


As I mentioned earlier last week, I'm setting up a dual-CPU Dell to do
FW/proxy cache/webserver/mailserver duty.  I will be using 2.4.2 and
netfilter, with Squid for the proxy.

I want to disallow web access to all but a certain set of domains for some
IPs, and am wondering the best way to do it.  I can see putting dest rules
in the firewall setup for this, but I could also see using Squid.  Any
suggestions/preferences?  Regardless of destination, I want all web access
attempts logged, if even for just the previous 24 hours.

If I go with the Squid route, I can't see a clear way to do it.  Would using
a delay class with the bandwidth set to 0 work?  I've already RTFM for Squid
and didn't see anything specific in there...

Also, is the standard operating procedure with a proxy cache to disable port
80 at the firewall for systems you want to force to use the proxy cache?

-n8




This is a forwarded message
From: Evan Jones <EMAIL:PROTECTED>
To: EMAIL:PROTECTED <EMAIL:PROTECTED>
Date: Monday, November 27, 2000, 3:11:43 PM
Subject: Squid Transparent Proxy on Linux 2.4: The Entire Story

===8<==============Original message text===============
After spending a day I have figured out the whole story about Squid on
Linux 2.4.

The squid.conf for Squid 2.3 needs to be something like the following:

http_port 8080
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy  on
httpd_accel_uses_host_header on

Squid 2.4 needs an additional line added:

httpd_accel_single_host off

Once the squid.conf configuration is correct, any clients connecting that
supply a "Host" header with the HTTP connection will work. The Host header
is an optional part of HTTP 1.0 which most newer clients support. It is a
required part of HTTP/1.1. This means that any newer clients will work with
an unmodified Squid proxy.

However, if you wish to support clients which do not provide this header,
Squid will need to be patched. I have attached my patch for Squid 2.4. It
should be easy to back port it to Squid 2.3 if anyone is interested. I
would also be interested in any feedback about it (Is it hard to get it to
work, is it correct, etc.) Here is how to use this patch:

1. Patch the Squid2.4.DEVEL4 source.
2. Run autoconf in the source directory.
3. Run ./configure --enable-linux-netfilter
4. Compile and install as normal.

-- 
Evan Jones - EMAIL:PROTECTED
Technology with Attitude - Rebel.com


===8<===========End of original message text===========



-- 
Best regards,
 Michiel                            mailto:EMAIL:PROTECTED

squid-2.4-netfilter.patch.gz
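
The forwarded message says clients that send a "Host" header work with unmodified Squid, while clients that omit it need the netfilter patch. The sketch below is an added example, not Squid's code or the attached patch, and shows why: once port 80 traffic has been redirected, the Host header is the only thing in the request that names the intended server. The function names, the sample requests, and the idea that netfilter support exposes the pre-redirect destination address are assumptions made for illustration.

```python
# Added illustration: rebuilding the URL for an intercepted port-80 request.
# Not Squid source code; all names and sample requests are constructed.

class NoDestination(Exception):
    """The request does not say which server the client wanted."""


def parse_request(raw: bytes):
    """Split a raw HTTP request head into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers


def rebuild_url(raw: bytes, original_dst=None) -> str:
    """Return the absolute URL a transparent proxy would have to fetch.

    original_dst is an optional (ip, port) tuple: the address the client
    dialled before the firewall redirected the connection (assumed to be
    available only when the proxy is built with netfilter support).
    """
    _method, target, headers = parse_request(raw)
    # A client explicitly configured for a proxy already sends a full URL.
    if target.lower().startswith("http://"):
        return target
    host = headers.get("host")
    if host:
        return "http://" + host + target
    # No Host header: only the original destination identifies the server.
    if original_dst is not None:
        ip, port = original_dst
        authority = ip if port == 80 else "%s:%d" % (ip, port)
        return "http://" + authority + target
    raise NoDestination("no Host header and no original destination")


# Constructed sample requests: a newer client and an older HTTP/1.0 client.
WITH_HOST = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
NO_HOST = b"GET /index.html HTTP/1.0\r\nUser-Agent: old-client\r\n\r\n"
```

Calling rebuild_url(NO_HOST) with no original destination raises NoDestination, which corresponds to the older clients the message says need the patched build.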