Actually, because they are switching to port 3048, they aren't really
doing anything wrong (at least they aren't putting some other service on
port 80--they have made a mistake in client-server negotiation). But
they are relying on the source of the HTTP connection to be the same
source as the other connection, which obviously breaks when a
transparent (interception) proxy is in place.
So...You need to bypass the cache for the website IP--where the mistaken
connection information is getting fed into their system. Port 3048
should not be going to the cache regardless of the protocol in use.
Obviously you'll lose the ability to cache the site, but unless they fix
their client-server protocol to accurately negotiate a connection on
another port, it's the only option. I don't see how they're managing to
do it incorrectly, actually--the client should be doing the connecting
on port 3048 from its own IP--why they are pulling the IP from the HTTP
connection I cannot guess.
I'm betting some others here have more knowledge on this subject than I,
actually. Perhaps they'll chime in with more complete information.
Hope this helps. What's the URL of the offending site BTW? (And what
IP can be bypassed to fix the problem, once you've got it figured out.)
Net Vision Administration wrote:
> Thanks Again Joe,
> One thing I wasn't certain of, is which IP address should be accepted. With
> this mob's configuration, they have their web server which sends the page
> with empty fields on one IP address and then the data which is inserted
> within the fields on the same web page, comes from another server with a
> different IP address on port 3048
>
> Thanks;
>
> John
> ----- Original Message -----
> From: "Joe Cooper" <joe@swelltech.com>
> To: "Net Vision Administration" <admin@net-vision.com.au>
> Sent: Friday, 23 March 2001 3:58
> Subject: Re: [squid-users] Dynamic Content within Web Pages
>
>
>
>> Yes.
>>
>> Just put an ACCEPT rule before the REDIRECT rule, and all will be happy.
>>
>> Net Vision Administration wrote:
>>
>>
>>> Thanks Joe,
>>> That's exactly what they're doing. They are sending their data via port 3048
>>> for some reason.
>>> I'm using IP Chains, so I presume you just mean throwing in another rule to
>>> allow their IP address to pass and not be redirected to the cache.
>>>
>>> Thanks;
>>>
>>> John
>>> ----- Original Message -----
>>> From: "Joe Cooper" <joe@swelltech.com>
>>> To: "Net Vision Administration" <admin@net-vision.com.au>
>>> Cc: <squid-users@squid-cache.org>
>>> Sent: Friday, 23 March 2001 1:42
>>> Subject: Re: [squid-users] Dynamic Content within Web Pages
>>>
>>>
>>>
>>>
>>>> Sounds to me like they have implemented a non-HTTP protocol over the
>>>> HTTP port. Not a proxy friendly thing to do. Your best bet, if you
>>>> can't convince them to move their non-HTTP protocol off of the HTTP
>>>> port, is to bypass the cache for the offending site. You don't need
>>>> individual client rules... Just don't redirect any traffic destined for
>>>> the IP in question to the cache. They'll be routed directly for those
>>>> requests.
>>>>
>>>> Net Vision Administration wrote:
>>>>
>>>>
>>>>
>>>>> I am running Squid 2.2 as a transparent proxy, but have a couple of
>>>>> clients using specialised Web Sites and pages for stock quotes. The page
>>>>> is static, but the quotes appear in various fields within the web page
>>>>> and are changed every 10 minutes.
>>>>>
>>>>> It appears the incoming data is sent to Squid's IP address, as that is
>>>>> the IP address that originally requested the page, but with this
>>>>> constant incoming data, Squid does not know what to do with it, as it
>>>>> has already sent the originally requested page back to the clients
>>>>> concerned.
>>>>>
>>>>> Is there any way I can change the config within Squid to recognise where
>>>>> this constantly changing incoming data should be sent to, so as I don't
>>>>> have to construct individual routing tables for each client.
>>>>>
>>>>>
>>>>>
>>>>> Thanks;
>>>>>
>>>>> John McGill
>>>>
>>>> --
>>>> Joe Cooper <joe@swelltech.com>
>>>> Affordable Web Caching Proxy Appliances
>>>> http://www.swelltech.com
>>>>
>>>
>>
>> --
>>
>> --
>> Joe Cooper <joe@swelltech.com>
>> Affordable Web Caching Proxy Appliances
>> http://www.swelltech.com
>>
--
Joe Cooper <joe@swelltech.com>
Affordable Web Caching Proxy Appliances
http://www.swelltech.com

Received on Fri Mar 23 2001 - 00:36:01 MST
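
The bypass discussed in this thread (an ACCEPT rule ahead of the REDIRECT rule, so port-80 traffic to the site's IP is routed directly instead of through the cache), as an added example that is not part of the original messages. It assumes Squid listens on port 3128 and uses 192.0.2.10 as a constructed placeholder for the site's web server IP; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: ipchains (Linux 2.2) rule order for bypassing a transparent Squid.
# Assumptions: Squid listens on 3128; 192.0.2.10 is a constructed placeholder
# for the web server IP of the site that must not be intercepted.
SQUID_PORT=3128
BYPASS_IPS="192.0.2.10"

# Print the rules in the order they must be appended to the input chain.
# ipchains acts on the first matching rule, so each ACCEPT has to come
# before the catch-all REDIRECT. Only port 80 is redirected, so traffic on
# port 3048 never reaches the cache.
gen_rules() {
    for ip in $BYPASS_IPS; do
        echo "ipchains -A input -p tcp -d $ip/32 80 -j ACCEPT"
    done
    echo "ipchains -A input -p tcp -d 0/0 80 -j REDIRECT $SQUID_PORT"
}

# Read a rule list on stdin; succeed only if every bypass IP has an ACCEPT
# rule and that rule appears before the first REDIRECT rule.
check_order() {
    rules=$(cat)
    redirect=$(printf '%s\n' "$rules" | grep -n -F -- "-j REDIRECT" | head -n 1 | cut -d: -f1)
    for ip in $BYPASS_IPS; do
        accept=$(printf '%s\n' "$rules" | grep -n -F -- "-d $ip/32 80 -j ACCEPT" | head -n 1 | cut -d: -f1)
        [ -n "$accept" ] || return 1
        if [ -n "$redirect" ] && [ "$accept" -gt "$redirect" ]; then
            return 1
        fi
    done
    return 0
}

# Dry run by default: print the rules. Set APPLY=1 (as root, on the gateway)
# to load them.
if [ "${APPLY:-0}" = "1" ]; then
    gen_rules | sh
else
    gen_rules
fi
```

`check_order` can also be fed an existing rule script on stdin to confirm that a bypass was not appended after the REDIRECT, where it would never match.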
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:48 MST