> From: Matt Ashfield [SMTP:mda@unb.ca]
>
> I'm new to squid, so I apologize if this is a newbie question. I'm trying
> to
> set up a transparent webcache using squid.
>
This should be treated as an advanced TCP hackers question,
not a newbie question - things will work much better from a
technical point of view if you use the web server the way
it was intended to be used.
> - Users requests a web page from webserver
>
Browser looks up the first matching valid IP address for the
server and tries to send to that.
> - router routes the request to the squid box
>
Somehow communicating the existing destination IP address
(I don't know the details of the CISCO method, but the Linux
method is that the router and squid box must be the same and
the intercepted IP address is treated as a transient alias
of the squid box address.)
Alternatively, the browser uses the HTTP/1.1 Host header to indicate
the real target.
> - squid does what squid is supposed to do and returns either a cached
> version of the requested web page or goes to the webserver and returns
> one
> from there.
>
Squid looks up the IP address that it is pretending to be for this
request, to find the real host name, or uses the HOST header, and
processes the resulting request as though it had been a proxy
request
(with the destination host in the actual URL).
If the reverse look up fails, it probably uses the IP address; if
the
first IP address for the service is down, the request fails.
The firewall recognizes that the forwarded request comes from the
squid box and handles it normally rather than hacking it back to
the squid box.
Meanwhile, the client doesn't believe that there is a proxy, so will
not do any of the processing it would normally do for for a proxy
request.
Received on Fri Oct 22 1999 - 09:11:25 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:01 MST