Re: [squid-users] Innocuous header that maybe won't get bounced this time.... real question about Squid

From: Robert Collins <[email protected]>
Date: 16 Oct 2002 16:30:52 +1000

On Wed, 2002-10-16 at 15:56, Joe Cooper wrote:
> Your other posts made it to the list, Simon. No one is answering
> because no one has an answer that you want like to hear.

Simon,
I think it's also worth noting a few important things:

1) There are quite a few sites running gzip compression that *DO NOT*
send appropriate headers detailing the decision to compress, and that
then confuses later visitors to the site through squid (or any http
proxy). TCP interception mode doesn't affect this.
2) TCP interception breaks the TCP/IP end to end model, and will
*consistently* lead to incorrect results. I've *never* seen an
intercepting proxy do the right thing all the time, and I've seen a few
:}.
3) Rather than searching for a technological solution to a policy
problem (that being "all clients must use a proxy"). Try using a policy
based solution: Block all access from other than the proxy to port 80.
Intercept port 80 traffic to a web page that details your policy, and
how to configure xyz software to use your proxy.

That said, ANY alterations to a request - including grabbing it from a
cache, MAY cause the problems you are experiencing, and there is nothing
that can be done - short of using a router rather than an intercepting
proxy :}.

Cheers,
Rob

Received on Wed Oct 16 2002 - 00:30:55 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:42 MST