Re: [squid-users] Odd behavior with transparent proxy

From: Mark Elsen <mark.elsen@dont-contact.us>
Date: Mon, 9 Jan 2006 15:49:13 +0100

> I am running squid 2.5 on OSX, transparently using a Cisco 806 running
> IOS 12.3(15)
>
> The way I understand is that all port 80 traffic is intercepted by the
> cisco, which issues an icmp redirect with my squid server's ip address

That's not at all what happens. The idea is that the interceptor
fetches the URL, fooling the browser, so that it thinks it is directly
connected to the remote website.

Perhaps defeating transp. proxy setups may be the overall
good thing. Here's my usual plea-against-transp-proxying-list:

- Intercepting HTTP breaks TCP/IP standards because user agents
  think they are talking directly to the origin server.
  - It causes path-MTU to fail, possibly making the website not accessible.
  - As a result, for instance on older IE versions, "reload" did not
    work as expected.
  - You can't use proxy authentication
  - You can't use IDENT lookups
  - Intercepting proxies are incompatible with IP filtering designed
    to prevent address spoofing.
  - Clients are still expected to have full Internet DNS resolving
    capabilities, when in certain Intranet/Firewalling setups this
    is not always wanted.
  - Related to above: because of the transp. proxy setup, a browser
    connects to a site which is down. HOWEVER, due to the transparent
    proxying setup, it gets a connected state to the interceptor. The
    end user may get wrong error messages or a browser seemingly
    doing nothing anymore.

M.
Received on Mon Jan 09 2006 - 07:49:16 MST
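
An added illustration, not part of the original message: the sketch below shows how the same page request looks to a proxy when the browser is configured to use it and when the connection was intercepted, and why the proxy-authentication and DNS points in the list follow from that. The function names, the `orig_dst` parameter and the sample requests are assumptions made for this example.

```python
# Added illustration, not from the original message. Request bytes are constructed samples.

def parse_head(raw: bytes):
    """Split a raw HTTP/1.x request head into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def proxy_view(raw: bytes, orig_dst=None):
    """Describe a port-80 request as the proxy sees it.

    orig_dst is the (ip, port) the client's TCP connection was addressed to
    before redirection; None means the client connected to the proxy itself.
    """
    method, target, headers = parse_head(raw)
    if target.lower().startswith("http://"):
        # absolute-form: the browser was configured with a proxy, so the proxy
        # resolves the name and a 407 challenge is meaningful to the client.
        return {"mode": "explicit", "url": target,
                "client_needs_dns": False, "proxy_auth_usable": True}
    if not target.startswith("/"):
        raise ValueError("unsupported request-target: %r" % target)
    # origin-form: the browser believes this socket is the web server. It
    # already resolved the name itself, and it does not expect 407 from an
    # origin server, so proxy authentication cannot be negotiated.
    host = headers.get("host")
    if host is None:  # HTTP/1.0 client without Host: only the IP is known
        if orig_dst is None:
            raise ValueError("no Host header and no original destination")
        ip, port = orig_dst
        host = ip if port == 80 else "%s:%d" % (ip, port)
    return {"mode": "intercepted", "url": "http://" + host + target,
            "client_needs_dns": True, "proxy_auth_usable": False}


# Constructed sample requests for the same page.
EXPLICIT = b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
INTERCEPTED = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
HTTP10_NO_HOST = b"GET /index.html HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for raw, dst in ((EXPLICIT, None), (INTERCEPTED, ("192.0.2.10", 80)),
                     (HTTP10_NO_HOST, ("192.0.2.10", 80))):
        print(proxy_view(raw, dst))
```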
