mån 2006-12-11 klockan 13:26 -0700 skrev Shaun Skillin (home):
> think I need more education on how the packets are presented to squid in
> transparent vs. browser-based mode
Squid does not look at packets. Squid looks at HTTP messages ontop of
TCP connections.
As HTTP is also using HTTP messages (it's the HTTP protocol) having port
80 (http) redirected to Squid kind of works. But Squid need to be aware
that this is done as the HTTP request format differs slightly for proxy
vs origin server requests, and may also need correct interception
support for the interception method used to find the intended
destination as it's not always indicated in the supposedly direct
connection to the server.
FTP is not HTTP, but an HTTP client configured to use an HTTP proxy for
FTP forwards the requested ftp:// URL in an HTTP proxy request to the
proxy, just as if it was a request for an http:// URL. Same thing for
gopher etc..
SSL/https is different. As browsers behind a HTTP proxy also need to be
able to access encrypted https content the HTTP protocol has a special
proxy method for SSL connections, the CONNECT method. This method allows
the browser to request the proxy to make a "direct" connection to the
requested server with the proxy only acting as a dumb communication
relay shuffling data between the two. When the method have completed the
browser is given a full duplex TCP connection to the requested
server:port and the proxy looks no further at the data exchanged (only
shuffles it). You could say it's an escape hatch for HTTP clients out
from a network where direct connections is not allowed.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST