Re: [squid-users] squid non-accel default website
On Tue, 01 Mar 2011 16:43:40 +0100, Nils Hügelmann wrote: Hi Amos, are there any news about this? The splash page template has been added to 3.2 and the langpack already that includes setup instructions for several popular browsers. The code change to send it on non-proxy requests has not been done yet. A secondary change to make squid look up its first available generic listening port instead of using a hard-coded 3128 for use in that template has also not yet been done. Amos On Wed, 12 May 2010 23:02:08 +0200, Nils Hügelmann wrote: > Hi Henrik, > > thanks for the answer, a fallback feature for direct requests would be > great :-) > > regards > nils > > Am 12.05.2010 22:38, schrieb Henrik Nordström: >> tis 2010-05-11 klockan 17:04 +0200 skrev Nils Hügelmann: >> >> >>> At the current state, it shows an "invalid URL" ... "while trying to >>> retrieve the URL: /" error on direct access, which prevents using url >>> rewriters(and deny_info too?!) so how to do this?... >>> >> You can't. >> >> The reason is because Squid really need to know if an request is being >> proxied or accelerated as it have impact on how the request should be >> processed, and HTTP requires web servers (including accelerators) to >> also know how to process requests using full URL. >> >> Can't you move the proxy to a separate port, freeing up port 80 to be >> used as a web server? >> >> But yes, I guess we could add support for fallback mode when seeing an >> obvious webserver request on a proxy port instead of bailing out with >> invalid request. >> FYI: There are some security holes opened when defaulting to intercept or accel mode on supposedly forward traffic. Mandrivia has supplied captive-portal 'splash' pages for 3.2 that can be sent instead of the current invalid response page. If anyone can spare the time to implement a bit of polish let me know please, there are only two small'ish alterations needed to make this happen for 3.2. Amos
Re: [squid-users] squid non-accel default website
Hi Amos, are there any news about this? Thanks, Nils Hügelmann > On Wed, 12 May 2010 23:02:08 +0200, Nils Hügelmann > wrote: > > Hi Henrik, > > > > thanks for the answer, a fallback feature for direct requests would be > > great :-) > > > > regards > > nils > > > > Am 12.05.2010 22:38, schrieb Henrik Nordström: > >> tis 2010-05-11 klockan 17:04 +0200 skrev Nils Hügelmann: > >> > >> > >>> At the current state, it shows an "invalid URL" ... "while trying to > >>> retrieve the URL: /" error on direct access, which prevents using url > >>> rewriters(and deny_info too?!) so how to do this?... > >>> > >> You can't. > >> > >> The reason is because Squid really need to know if an request is being > >> proxied or accelerated as it have impact on how the request should be > >> processed, and HTTP requires web servers (including accelerators) to > >> also know how to process requests using full URL. > >> > >> Can't you move the proxy to a separate port, freeing up port 80 to be > >> used as a web server? > >> > >> But yes, I guess we could add support for fallback mode when seeing an > >> obvious webserver request on a proxy port instead of bailing out with > >> invalid request. > >> > > FYI: > There are some security holes opened when defaulting to intercept or > accel mode on supposedly forward traffic. > Mandrivia has supplied captive-portal 'splash' pages for 3.2 that can be > sent instead of the current invalid response page. If anyone can spare the > time to implement a bit of polish let me know please, there are only two > small'ish alterations needed to make this happen for 3.2. > > Amos
Re: [squid-users] squid non-accel default website
On Wed, 12 May 2010 23:02:08 +0200, Nils Hügelmann wrote: > Hi Henrik, > > thanks for the answer, a fallback feature for direct requests would be > great :-) > > regards > nils > > Am 12.05.2010 22:38, schrieb Henrik Nordström: >> tis 2010-05-11 klockan 17:04 +0200 skrev Nils Hügelmann: >> >> >>> At the current state, it shows an "invalid URL" ... "while trying to >>> retrieve the URL: /" error on direct access, which prevents using url >>> rewriters(and deny_info too?!) so how to do this?... >>> >> You can't. >> >> The reason is because Squid really need to know if an request is being >> proxied or accelerated as it have impact on how the request should be >> processed, and HTTP requires web servers (including accelerators) to >> also know how to process requests using full URL. >> >> Can't you move the proxy to a separate port, freeing up port 80 to be >> used as a web server? >> >> But yes, I guess we could add support for fallback mode when seeing an >> obvious webserver request on a proxy port instead of bailing out with >> invalid request. >> FYI: There are some security holes opened when defaulting to intercept or accel mode on supposedly forward traffic. Mandrivia has supplied captive-portal 'splash' pages for 3.2 that can be sent instead of the current invalid response page. If anyone can spare the time to implement a bit of polish let me know please, there are only two small'ish alterations needed to make this happen for 3.2. Amos
Re: [squid-users] squid non-accel default website
Hi Henrik, thanks for the answer, a fallback feature for direct requests would be great :-) regards nils Am 12.05.2010 22:38, schrieb Henrik Nordström: > tis 2010-05-11 klockan 17:04 +0200 skrev Nils Hügelmann: > > >> At the current state, it shows an "invalid URL" ... "while trying to >> retrieve the URL: /" error on direct access, which prevents using url >> rewriters(and deny_info too?!) so how to do this?... >> > You can't. > > The reason is because Squid really need to know if an request is being > proxied or accelerated as it have impact on how the request should be > processed, and HTTP requires web servers (including accelerators) to > also know how to process requests using full URL. > > Can't you move the proxy to a separate port, freeing up port 80 to be > used as a web server? > > But yes, I guess we could add support for fallback mode when seeing an > obvious webserver request on a proxy port instead of bailing out with > invalid request. > > Regards > Henrik > >
Re: [squid-users] squid non-accel default website
tis 2010-05-11 klockan 17:04 +0200 skrev Nils Hügelmann: > At the current state, it shows an "invalid URL" ... "while trying to > retrieve the URL: /" error on direct access, which prevents using url > rewriters(and deny_info too?!) so how to do this?... You can't. The reason is because Squid really need to know if an request is being proxied or accelerated as it have impact on how the request should be processed, and HTTP requires web servers (including accelerators) to also know how to process requests using full URL. Can't you move the proxy to a separate port, freeing up port 80 to be used as a web server? But yes, I guess we could add support for fallback mode when seeing an obvious webserver request on a proxy port instead of bailing out with invalid request. Regards Henrik
Re: [squid-users] squid non-accel default website
I might be completely misunderstanding your request but can't you just run a http daemon like apache on your proxyserver that serves a page with explanations? rgds, Lieven Nils Hügelmann wrote: Hi, i have a non-accel non-transparent squid 3.1 running on port 80, and when someone accesses the proxy directly (via http://hostname or http://ip) i want the proxy to show an explanation website. At the current state, it shows an "invalid URL" ... "while trying to retrieve the URL: /" error on direct access, which prevents using url rewriters(and deny_info too?!) so how to do this?... Thanks Nils