> -----Original Message-----
> From: Adrian Chadd [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, 13 March 2007 3:14 PM
> To: Steven
> Cc: squid-dev@squid-cache.org
> Subject: Re: A few patches
> 
> On Tue, Mar 13, 2007, Steven wrote:
> 
> 
> This bit is clever! Don't use a CONNECT to port 80 though; try to find out
> which port it was connecting to in the first place and append that. It won't
> always be port 80. (Imagine if someone wanted to feed more than just port 80
> through Squid transparently; the current code handles that.)

Good point.  The only problem is that (under Linux at least) we can't find
out the original destination port (i.e. if traffic destined for port 80 is
redirected to port 3128).  Would you suggest this as a configuration option
on a per-port basis? (i.e. squid can listen to multiple ports, and the port
that the connection arrives on is used to determine the destination port).

> Make this configurable though. You don't want to allow people to tunnel
> non-resolvable stuff through without the administrator explicitly deciding to.

You need to have an ACL that allows CONNECT requests destined for port 80,
otherwise you will get an ACL denied message :)

> Nah, just extend commConnectStart() and don't bother with the
> commConnectStart2() stuff. I admit I'm guilty of this kind of thing but it
> should only be temporary; never permanent.

If there are no objections to applying this change (in principle), I'll
re-work it to extend commConnectStart().

> Nice work though!

Thanks



Steven
