fre 2009-09-18 klockan 11:13 +1000 skrev James Brotchie:

> On Squid 2.7 the "intercepted" acl matches whilst in 3.1 it doesn't.

In 2.7 the myport and myip acls are very unreliable in interception
mode. Depends on the request received if these are the local endpoint or
the original destination enpoint..

> Digging deeper into the Squid 3.1 source it seems that if a http_port
> is set to intercept then the "me" member of ConnStateData, which is
> normally the proxy's ip and listening port, is replaced by the pre-NAT
> destination ip and port.

And in 2.7 it just sometimes are, i.e. when the original destnation is
required to resolve the request.

And on some OS:es it always are replaced, depends on how the original
destination information is given to Squid.

Regards
Henrik

Reply via email to