Re: transparent proxies

From: Miquel van Smoorenburg <[email protected]>
Date: 28 Jul 1997 18:26:39 +0200

In article <m0wsnyK-0008Z4C@relay.noho.co.uk>,
Richard Ayres <RichardA@noho.co.uk> wrote:
>From: Martin Hamilton <martin@mrrl.lut.ac.uk>
>>
>>Just wondering how many people were running Squid in a transparent
>>proxy setup, and what your experiences of this were. For info :-
>
>I'm using such a setup. The only issues so far have been that:
>
>(a) it's fairly useless to use my service provider's parent caches
>(cache-?.www.demon.net) because by proxying squid only sees IP addresses,
>not host names and demon aren't generally asked for IP addresses by other
>users;

I think this can be solved pretty easily. You just redirect all port 80
traffic not to squid, but to another port (say 4040) with a redirector
process behind it. That redirector process first reads the whole request header.
If there's a Host: header in it (which all modern browsers provide), use
that to reconstruct a complete URL, otherwise use the IP number. Then connect
to squid and ask for the URL.

Writing such a redirector could be done in a spare afternoon or evening..
if I'm feeling bored tonight I might just give it a shot (I have 90% of
it already done for a similar project).

It should be equally easy to hack this into squid itself (use the Host:
header instead of the result of getsockname() if present). [checking]
ah yes, around line 1644 in icp.c. Hmm the code is already there, it's
just not used in "virtual" mode! Forget about the redirector process..

[clickety click]

Here's a completely untested patch (but it does compile)

[squid-1.1.11-transproxy.patch]
--- icp.c.orig Mon Jul 28 18:17:23 1997
+++ icp.c Mon Jul 28 18:23:03 1997
@@ -1639,13 +1639,29 @@
     if (httpd_accel_mode && *url == '/') {
         /* prepend the accel prefix */
         if (vhost_mode) {
- /* Put the local socket IP address as the hostname */
- url_sz = strlen(url) + 32 + Config.appendDomainLen;
- icpState->url = xcalloc(url_sz, 1);
- sprintf(icpState->url, "http://%s:%d%s",
- inet_ntoa(icpState->me.sin_addr),
- (int) Config.Accel.port,
- url);
+ /*
+ * Put the local socket IP address as the hostname
+ *
+ * If a Host: header was specified, use it to build the URL
+ * instead of the result of getsockname().
+ */
+ if ((t = mime_get_header(req_hdr, "Host")) != NULL) {
+ strtok(t, " :/;@");
+ url_sz = strlen(url) + strlen(t) + 32 + Config.appendDomainLen;
+ icpState->url = xcalloc(url_sz, 1);
+ if (Config.Accel.port != 80)
+ sprintf(icpState->url, "http://%s:%d%s",
+ t, (int) Config.Accel.port, url);
+ else
+ sprintf(icpState->url, "http://%s%s", t, url);
+ } else {
+ url_sz = strlen(url) + 32 + Config.appendDomainLen;
+ icpState->url = xcalloc(url_sz, 1);
+ sprintf(icpState->url, "http://%s:%d%s",
+ inet_ntoa(icpState->me.sin_addr),
+ (int) Config.Accel.port,
+ url);
+ }
             debug(12, 5, "VHOST REWRITE: '%s'\n", icpState->url);
         } else if (opt_accel_uses_host && (t = mime_get_header(req_hdr, "Host"))) {
             /* If a Host: header was specified, use it to build the URL
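Review bot: In the new Host branch, strtok(t, " :/;@") is called only for its side effect and its return value is dropped, so t still points at the start of the header value. strtok() skips leading delimiters before it finds a token, which means a value that starts with one of those characters is copied into the URL with the delimiter intact, and an empty or all-delimiter value produces "http://" followed directly by the path. Use the pointer strtok() returns and take the getsockname() branch when it is NULL, or cut the value with strcspn() and accept only hostname characters before the sprintf(). Two smaller points on the same lines: the Host value comes from the client, so in this mode the URL squid requests and caches is no longer tied to icpState->me.sin_addr, which deserves a check or at least a sentence in the comment; and the first line of the new comment ("Put the local socket IP address as the hostname") now describes only the else branch.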

Mike.

-- 
| Miquel van Smoorenburg |                                                    |
| miquels@cistron.nl     | Owners of digital watches, your days are numbered. |
|     PGP fingerprint: FE 66 52 4F CD 59 A5 36  7F 39 8B 20 F1 D6 74 02       |
Received on Mon Jul 28 1997 - 09:29:15 MDT
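
The URL reconstruction described in the message above (use the Host: header when present, otherwise the IP number), as an added example that is not part of the original post and not Squid code. build_url() and valid_host() are hypothetical helpers, the destination port is passed in by the caller as an assumption, and the sample values in main() are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: accept only a plain DNS-style name (or dotted IP). */
static int valid_host(const char *h, size_t n)
{
    size_t i;
    if (n == 0 || n > 255 || h[0] == '.' || h[0] == '-')
        return 0;
    for (i = 0; i < n; i++)
        if (!isalnum((unsigned char) h[i]) && h[i] != '.' && h[i] != '-')
            return 0;
    return 1;
}

/* Hypothetical helper: rebuild an absolute URL for an intercepted request.
 * A missing or malformed Host value falls back to dst_ip, the address the
 * client actually connected to. Returns 0 on success, -1 on a bad path or
 * when out is too small (never writes past outsz). */
int build_url(char *out, size_t outsz, const char *path,
              const char *host_hdr, const char *dst_ip, int dst_port)
{
    const char *host = dst_ip;
    size_t hlen = strlen(dst_ip);
    int n;
    if (path == NULL || path[0] != '/')
        return -1;
    if (host_hdr != NULL) {
        /* Host = name [":" port]; only the name part is taken from it. */
        size_t len = strcspn(host_hdr, ":");
        const char *p = host_hdr + len;
        int port_ok = 1;
        if (*p == ':')
            for (p++; *p; p++)
                if (!isdigit((unsigned char) *p)) port_ok = 0;
        if (port_ok && valid_host(host_hdr, len)) { host = host_hdr; hlen = len; }
    }
    if (dst_port == 80)
        n = snprintf(out, outsz, "http://%.*s%s", (int) hlen, host, path);
    else
        n = snprintf(out, outsz, "http://%.*s:%d%s", (int) hlen, host, dst_port, path);
    return (n < 0 || (size_t) n >= outsz) ? -1 : 0;
}

int main(void)
{
    char buf[128];   /* constructed sample request values below */
    if (build_url(buf, sizeof buf, "/index.html", "www.example.com", "192.0.2.10", 80) == 0)
        puts(buf);
    return 0;
}
```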
