Perhaps I'm not clear what you mean be "send it on" - but if you mean have a
totally unproxied request, you may be out of luck. I'm not sure you can
have your cake and eat it too. It sounds like you want to do Layer 7
switching, but not have the connection every escalate above layer 4 between
the client and the web server. This just may not be possible.
This is hard stuff, I think. It sounds like you need a layer-7 switch of
some sort, with something like out-of-path/direct-send return.
All traffic would go to the L7 switch, which would accept the TCP
connection, wait for the REQUEST header, get it and parse it, then push the
request essentially unaltered at some HTTP server. You could set up an two
intercepting firewalls in the way of this, one running Squid, and the other
running something like NAT. I think... I haven't given this serious
meditation, and certainly haven't tried it. You may run into problems in
that these switches typically rely upon ARP to do their voodoo, which means
they likely won't work in an "outgoing traffic to the internet" sense.
Good luck,
Sean
-----Original Message-----
From: ChrisHoover@safety-kleen.com [mailto:ChrisHoover@safety-kleen.com]
Sent: Friday, August 23, 2002 11:02 AM
To: Joe Cooper
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Help getting squid configured
I know this is true, but what I really need to have happen is when squid
gets request for the TROUBLE site to just send the requests straight to
the site. I really need to have all requests come through the squid
server since that is the company direction. Otherwise, I will have to have
a special exception added to the firewall since no web request can get out
w/o going through the proxy.
So, is there a way to setup a rule that says if request is going to site x
don't "mess" with it just send it on?
Thanks,
Chris
Joe Cooper <joe@swelltech.com>
08/23/2002 02:00 PM
To: ChrisHoover@safety-kleen.com, squid-users@squid-cache.org
cc:
Subject: Re: [squid-users] Help getting squid configured
First point: Squid can never be configured to not proxy something--once
the packet hits Squid, it can only proxy it. So if you need a direct
client->server connection, you need to make the client bypass Squid. To
be more verbose, Squid is an application level proxy and as such it
doesn't have the option to 'not bother the requests', it can either
accept the connection or refuse it, neither of which is what you're
asking for. If it accepts the request it has to proxy it--it can't
reinject it back into the routing path without making a new request
itself (which 'bothers' the request).
Solutions: If running an interception proxy, add a bypass rule to
either your router (if using WCCP) or your proxy OS rules (if using OS
port redirection). If running a traditional proxy, add the site to the
list of sites that aren't retrieved through the proxy (this is in the
browser configuration somewhere).
ChrisHoover@safety-kleen.com wrote:
> I need some help, I submitted a problem the other day and have not
gotten
> any responses (e-mail Help with problem site). Anyway, this site is
> giving me fits and I need help getting squid configured to not bother
> requests to this site and to cleanly pass the packets back and forth
> between the end user and the site. Can someone please help me get this
> configured.
>
> I'm running 2.4-STABLE7 on Redhat Linux 7.1.
>
> Thanks,
>
> Chris
-- Joe Cooper <joe@swelltech.com> Web caching appliances and support. http://www.swelltech.comReceived on Fri Aug 23 2002 - 12:26:32 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:49 MST