Is it possible for Squid running as a transparent proxy to connect to
Apache running on the same machine? No one on the squid-users group has
responded to this question. Since you guys know about the guts of Squid,
you should be able to tell me if this is at least conceptually possible.
We use squidGuard with Squid. When a site is blocked and the user is
redirected to a "Not Available" web page, we would like it to be served by
Apache running on the same machine instead of going out to the network.
What we have
Linux 2.2.14 with ipchains
Squid 2.4.DEVEL2
squidGuard 1.1.4
Apache 1.3.x
Squid is set up as a transparent proxy according to the FAQ. It is
accelerating port 80 and listening on port 3128. Apache is running on
port 80. Squid and squidGuard work wonderfully when connecting to some
place on the Internet. Apache works wonderfully when connecting directly
to the Linux machine. Squid times out when trying to talk to Apache.
A Cabletron SmartSwitch router redirects all traffic to the Internet
headed for port 80 to the Linux machine. Ipchains redirects the packets
to port 3128 for Squid. Squid sends the packet to squidGuard, squidGuard
redirects it to the same machine (supposedly to Apache running on port
80), Squid tries to make the connection, but it eventually times out.
I have tried moving Apache to various ports and to the internal loopback
interface. I have tried various incantations of ipchains. The problem
is, I can't tell what Squid is actually trying to connect to when it is
redirected. So, I don't know if this is a Squid problem or not, but I
suspect it is.
Some people have mentioned that Squid has code in it to prevent it from
connecting to itself. If that is the case and the code is over zealous,
it could be preventing all connections back to the same machine instead of
just preventing connections to port 3128 on the same machine. Any
thoughts or ideas? Thanks.
Russell Mosemann * Computing Services * Concordia University, Nebraska
Received on Tue Apr 25 2000 - 04:55:29 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:24 MST