On 01/02/11 16:29, Pandu Poluan wrote:
> Hello,
>
> I want to configure SQUID as a transparent proxy, but on a separate
> box from the Linux gateway (both boxes using Ubuntu Server 10.04)
>
> I found this howto: http://www.faqs.org/docs/Linux-mini/TransparentProxy.html
>
> Now, my questions are:
>
> 1. Is the howto (esp. sections 6.2 and 6.3) still applicable with the
> latest SQUID version?
The whole of section 6.1 is a major security vulnerability "don't do
it!" situation. Read CVE-2009-0801 for an explanation of what malware
can do to trivially spread themselves across your whole client base.
The currently available Squid do permit it with loud failure warnings in
cache.log. We are planning on fully disabling the security hole in the
near future.
Section 6.2 and 6.3 are the recommended way if you have to do NAT
interception.
The real transparent proxy (TPROXY) in the more recent Squid does not
work reliably on Ubuntu 10.04.
>
> 1a. If yes, which strategy should I be using?
>
> 2. Slightly tangential: Does SQUID fully support HTTP/1.1?
squid-3.2 does.
squid-3.1 and squid-2.7 almost do.
other versions do not.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.10 Beta testers wanted for 3.2.0.4Received on Tue Feb 01 2011 - 06:37:06 MST
This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 12:00:04 MST