Thanks Joe, I thought that may be the case, but just wanted to confirm which
IP address should be accepted.
> The ip number of the particular site for memory is 63.175.144.49 and the
URL
> is http://cbot.jfnetwork.com
> The actual data on port 3048 comes from the following IP addresses, using
> load balancing:
> 63.175.144.101, 63.175.144.103, 63.175.144.105, 63.175.144.107
>
> Regards;
>
> John
> ----- Original Message -----
> From: "Joe Cooper" <joe@swelltech.com>
> To: "Net Vision Administration" <admin@net-vision.com.au>; "squid users"
> <squid-users@squid-cache.org>
> Sent: Friday, 23 March 2001 5:44
> Subject: Re: [squid-users] Dynamic Content within Web Pages
>
>
> > Actually, because they are switching to port 3048, they aren't really
> > doing anything wrong (at least they aren't putting some other service on
> > port 80--they have made a mistake in client-server negotiation). But
> > they are relying on the source of the HTTP connection to be the same
> > source as the other connection, which obviously breaks when a
> > transparent (interception) proxy is in place.
> >
> > So...You need to bypass the cache for the website IP--where the mistaken
> > connection information is getting fed into their system. Port 3048
> > should not be going to the cache regardless of the protocol in use.
> >
> > Obviously you'll lose the ability to cache the site, but unless they fix
> > their client-server protocol to accurately negotiate a connection on
> > another port, it's the only option. I don't see how they're managing to
> > do it incorrectly, actually--the client should be doing the connecting
> > on port 3048 from it's own IP--why they are pulling the IP from the HTTP
> > connection I can not guess.
> >
> > I'm betting some others here have more knowledge on this subject than I,
> > actually. Perhaps they'll chime in with more complete information.
> >
> > Hope this helps. What's the URL of the offending site BTW? (And what
> > IP can be bypassed to fix the problem, once you've got it figured out.)
> >
> >
> > Net Vision Administration wrote:
> >
> > > Thanks Again Joe,
> > > One thing I wasn't certain of, is which IP address should be accepted.
> With
> > > this mob's configuration, they have their web server which sends the
> page
> > > with empty fields on one IP address and then the data which is
inserted
> > > within the fields on the same web page, comes from another server with
a
> > > different IP address on port 3048
> > >
> > > Thanks;
> > >
> > > John
> > > ----- Original Message -----
> > > From: "Joe Cooper" <joe@swelltech.com>
> > > To: "Net Vision Administration" <admin@net-vision.com.au>
> > > Sent: Friday, 23 March 2001 3:58
> > > Subject: Re: [squid-users] Dynamic Content within Web Pages
> > >
> > >
> > >
> > >> Yes.
> > >>
> > >> Just put an ACCEPT rule before the REDIRECT rule, and all will be
> happy.
> > >>
> > >> Net Vision Administration wrote:
> > >>
> > >>
> > >>> Thanks Joe,
> > >>> That's exactly what they're doing. They are sending their data via
> port
> > >>
> > > 3048
> > >
> > >>> for some reason.
> > >>> I'm using IP Chains, so I presume you just mean throwing in another
> rule
> > >>
> > > to
> > >
> > >>> allow their IP address to pass and not be redirected to the cache.
> > >>>
> > >>> Thanks;
> > >>>
> > >>> John
> > >>> ----- Original Message -----
> > >>> From: "Joe Cooper" <joe@swelltech.com>
> > >>> To: "Net Vision Administration" <admin@net-vision.com.au>
> > >>> Cc: <squid-users@squid-cache.org>
> > >>> Sent: Friday, 23 March 2001 1:42
> > >>> Subject: Re: [squid-users] Dynamic Content within Web Pages
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>> Sounds to me like they have implemented a non-HTTP protocol over
the
> > >>>> HTTP port. Not a proxy friendly thing to do. Your best bet, if
you
> > >>>> can't convince them to move their non-HTTP protocol off of the HTTP
> > >>>> port, is to bypass the cache for the offending site. You don't
need
> > >>>> individual client rules... Just don't redirect any traffic destined
> for
> > >>>> the IP in question to the cache. They'll be routed directly for
> those
> > >>>> requests.
> > >>>>
> > >>>> Net Vision Administration wrote:
> > >>>>
> > >>>>
> > >>>>
> > >>>>> I am running Squid 2.2 as a transparent proxy, but have a couple
of
> > >>>>> clients using specialised Web Sites and pages for stock quotes.
The
> > >>>>
> > > page
> > >
> > >>>>> is static, but the quotes appear in various fields within the web
> page
> > >>>>> and are changed ever 10 minutes.
> > >>>>>
> > >>>>> It appears the incoming data is sent to Squid's IP address, as
that
> is
> > >>>>> the IP address that originally requested the page, but with this
> > >>>>> constant incoming data, Squid does not know what to do with it, as
> it
> > >>>>> has already sent the originally requested page back to the clients
> > >>>>> concerned.
> > >>>>>
> > >>>>> Is there anyway I can change the config within Squid to recognise
> > >>>>
> > > where
> > >
> > >>>>> this constantly changing incoming data should be sent to, so as I
> > >>>>
> > > don't
> > >
> > >>>>> have to construct individual routing tables for each client.
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> Thanks;
> > >>>>>
> > >>>>> John McGill
> > >>>>
> > >>>> --
> > >>>> Joe Cooper <joe@swelltech.com>
> > >>>> Affordable Web Caching Proxy Appliances
> > >>>> http://www.swelltech.com
> > >>>>
> > >>>
> > >>
> > >> --
> > >>
> > >> --
> > >> Joe Cooper <joe@swelltech.com>
> > >> Affordable Web Caching Proxy Appliances
> > >> http://www.swelltech.com
> > >>
> >
> >
> > --
> >
> > --
> > Joe Cooper <joe@swelltech.com>
> > Affordable Web Caching Proxy Appliances
> > http://www.swelltech.com
> >
>
Received on Fri Mar 23 2001 - 02:42:45 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:48 MST