> From: Chris Olson [SMTP:Chris_Olson@majiq.com]
>
> How about putting the squid server outside the firewall, forcing the
> firewall to
> pass ALL HTTP connections to the squid server, basically making it
> transparent
> to the end user?
>
The problem with it is that an HTTP request to a proxy is
not the same as one to a server.
With HTTP 1.1 there is enough information for the proxy to
work out the original target, and current generation browsers
generate the appropriate HTTP 1.1 headers, even when using
HTTP 1.0. However, squid does not use this information,
even for modern browsers, but relies on the destination
address being preserved in the IP packet. This means lots
of non-standard handling of IP routing.
(Some of this is based on an old version of the FAQ; it is
possible that Squid now understands Host: headers.)
Received on Wed Jun 16 1999 - 11:24:29 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:54 MST