Re: myport and myip differences between Squid 2.7 and 3.1 when running in intercept mode

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Fri, 18 Sep 2009 22:28:53 +0200

fre 2009-09-18 klockan 11:13 +1000 skrev James Brotchie:

> On Squid 2.7 the "intercepted" acl matches whilst in 3.1 it doesn't.

In 2.7 the myport and myip acls are very unreliable in interception
mode. Depends on the request received if these are the local endpoint or
the original destination enpoint..

> Digging deeper into the Squid 3.1 source it seems that if a http_port
> is set to intercept then the "me" member of ConnStateData, which is
> normally the proxy's ip and listening port, is replaced by the pre-NAT
> destination ip and port.

And in 2.7 it just sometimes are, i.e. when the original destnation is
required to resolve the request.

And on some OS:es it always are replaced, depends on how the original
destination information is given to Squid.

Regards
Henrik
Received on Fri Sep 18 2009 - 20:29:04 MDT

This archive was generated by hypermail 2.2.0 : Sat Sep 19 2009 - 12:00:05 MDT