On 20/07/2013 5:07 a.m., Guy Sass wrote:
When I have squid set to act as a normal proxy (http_port 3128) and
set my browser to use squid as a proxy, things work just fine.
When I set squid transparent (http_port 3128 intercept) and then
redirect normal outbound port 80 traffic to squid (with my browser
unaware that it's being proxied), squid goes through the three way
handshake process, gets my request, and dumps me:
<snip>
I tried gutting my acls to see if that might have an effect, but it
did not. Am I encountering some kind of bug, or merely doing something
colossally stupid? See config, below:
There are two things in the config which might be hiding this type of
problem.
http_port 3128 intercept
#http_port 3128
You appear to have no separate forward-proxy and intercept-proxy ports.
Squid generates content in things like error pages which need to be
served up in forward-proxy or "accel" mode ports. If you serve them from
intercept-ports you end up with forwarding loops that can kill the whole
machine - that would appear as Squid "disconnecting".
Since Squid does or the machine goes down there is nothing logged
about such problems in access.log unless they are detected and halted by
forwarding loop protection ...
coredump_dir /var/cache/squid
forwarded_for transparent
via off
"via" feature of HTTP is used by Squid to detect and terminate
forwarding loops before they get anywhere near causing major issues.
You are using "forwarded_for" in one of the new privacy settings, there
is little gained by disabling via as well and everything to loose.
Amos
