[plug] Transparent proxy ACL with squid
John Usher
john.usher at people.net.au
Thu May 11 21:43:37 WST 2006
> So far I have:
> acl urlBlock dstdomain urlBlock.txt
> acl keywordBlock url_regex keywordBlock.txt
> http_access deny urlBlock
> http_access deny keywordBlock
> http_access deny all
> urlBlock.txt and keywordBlock.txt are stored in /etc/squid as is
> squid.conf
> ...
Is the problem to do with the way transparent proxies work?
The transparent proxy possibly passes the IP address of the destination to
the proxy server.
For example a domain x.y.com might have an IP address of 1.2.3.4
Transparent proxy sees a connection to 1.2.3.4 with GET /index.html
It then redirects to squid with GET http://1.2.3.4/index.html
Squid compares '1.2.3.4' to 'x.y.com' and the strings don't match.
I'm not sure that any transparent proxy looks at the 'Host:' header in the
HTTP request to determine the destination site. This header is a requirement
these days (as of HTTP/1.1) as lots of domains share IP addresses. The HTTP
request above from the browser would be something like:
GET /index.html HTTP/1.1
...
Host: x.y.com
...
Unsure, but just an idea...? Perhaps it is just a case of looking for a
transparent proxy that can do this????
John.
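
The mismatch described in the message above, as an added example that is not part of the original post: a small Python model of an intercepting proxy rebuilding the request URL either from the destination IP or from the Host: header, then applying a dstdomain-style match. The function names, the sample request and the blocklist are constructed for illustration; it handles hostnames and IPv4 authorities only.

```python
# Added illustration, not squid's code: all names and sample data are constructed.

SAMPLE_REQUEST = (b"GET /index.html HTTP/1.1\r\n"
                  b"User-Agent: example\r\n"
                  b"Host: x.y.com\r\n\r\n")   # constructed request head

def parse_request(raw):
    """Return (method, path, host) from a raw HTTP/1.x request head; host may be None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    host = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            break
    return method, path, host

def rebuild_url(dst_ip, path, host, use_host_header):
    """Rebuild the absolute URL that the ACL check will see."""
    authority = host if (use_host_header and host) else dst_ip
    return "http://" + authority + path

def dstdomain_match(url, blocked):
    """Approximate dstdomain: exact name, or '.y.com' for y.com and its subdomains."""
    authority = url.split("://", 1)[1].split("/", 1)[0]
    hostname = authority.split(":", 1)[0].lower()   # drop any :port
    for entry in blocked:
        entry = entry.lower()
        if entry.startswith("."):
            if hostname == entry[1:] or hostname.endswith(entry):
                return True
        elif hostname == entry:
            return True
    return False

def acl_matches(raw, dst_ip, blocked, use_host_header):
    """True when the blocklist matches the URL rebuilt for this intercepted request."""
    _method, path, host = parse_request(raw)
    return dstdomain_match(rebuild_url(dst_ip, path, host, use_host_header), blocked)

if __name__ == "__main__":
    for mode in (False, True):
        print("use Host header:", mode, "-> blocked:",
              acl_matches(SAMPLE_REQUEST, "1.2.3.4", ["x.y.com"], mode))
```

The Host: header is supplied by the client, so a proxy that builds the URL from it should also check that the name resolves to the address the connection was originally sent to.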