December 17, 2007

transparent proxy

RFC 2616 (Hypertext Transfer Protocol — HTTP/1.1) offers:

“A ‘transparent proxy’ is a proxy that does not modify the request or response beyond what is required for proxy authentication and identification.”

Well, we had the following scenario. We have a squid proxy set up on which can be accessed only by the user delta with the given password through Now what I wanted to do was to set up a transparent proxy so that the end user connects to and he is redirected to without him accessing any proxy. So a transparent proxy was set up on delta. The httpd.conf uses ProxyPass to forward any request for /wiki to Now since the redirection is done on the server side, it becomes a localhost request, and the transparent proxy accepts it and forwards it to the parent proxy.

Following are some of the configurations done by satya to enable all this.

cache_peer parent 3128 3130 login=username:password

This defines the parent proxy to which requests have to be sent.


This states that only for the domains wikipedia and wikimedia should squid refer to the peer cache at domain; for all the rest, it does not go to the parent/peer domain/cache.

acl QUERY urlpath_regex cgi-bin
cache deny QUERY
Well, it says that queries having cgi-bin will not be cached. Had to remove ? from this line, else the intercepting proxy will not forward to the parent proxy requests like

@import "/skins-1.5/common/shared.css?102"

acl list dstdomain

#       With 'never_direct' you can use ACL elements to specify
#       requests which should NEVER be forwarded directly to origin
#       servers.  For example, to force the use of a proxy for all
#       requests, except those in your local domain use something like:
#               acl local-servers dstdomain
#               acl all src
#               never_direct deny local-servers
#               never_direct allow all

So basically only dstdomain requests will be sent to the parent proxy.

http_reply_access allow list
http_reply_access deny all

So only replies matching acl list will be allowed to pass down to the clients.


This masquerades all incoming requests to the parent proxy as since the parent proxy is configured to process only client requests from and from no other client IP.

And last but not the least, the comment that helps me keep track of all these changes to the squid.conf:

# for wiki – satya
And the httpd.conf reverse proxy part

# Don't ask me about this. This I picked from suren's comments for spoj
ProxyRemote *
ProxyPass /skins-1.5/
ProxyPassReverse /skins-1.5/
ProxyPass /wiki/
ProxyPassReverse /wiki/

The two /skins-1.5/ lines allow the CSS download.

Will be configuring it in a similar way for epaper soon!
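
To check which requests the QUERY and list ACLs in the squid.conf above actually match, here is a small evaluator, added as an example (it is not from the original post and is not Squid's own code). It models only urlpath_regex and dstdomain ACLs with first-match rule evaluation, and the dstdomain values are assumed, since the post does not show them.

```python
import re
from urllib.parse import urlsplit

# Constructed config: directive names are from the post; domain values are assumed.
STOCK = r"""
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl list dstdomain .wikipedia.org .wikimedia.org
http_reply_access allow list
http_reply_access deny all
"""
EDITED = STOCK.replace(r"cgi-bin \?", "cgi-bin")  # the post's change: drop \?

def parse(conf):
    """Return acls {name: (type, values)} and rules {directive: [(action, acl names)]}."""
    acls, rules = {}, {}
    for line in conf.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        else:
            rules.setdefault(tok[0], []).append((tok[1], tok[2:]))
    return acls, rules

def acl_match(acls, name, url):
    if name == "all":
        return True
    kind, values = acls[name]
    u = urlsplit(url)
    if kind == "urlpath_regex":   # tested against the path plus query string
        target = u.path + ("?" + u.query if u.query else "")
        return any(re.search(p, target) for p in values)
    if kind == "dstdomain":       # leading dot: the domain itself and its subdomains
        host = (u.hostname or "").lower()
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    raise ValueError(f"unsupported acl type {kind}")

def decide(conf, directive, url):
    """First matching rule wins; with no match, the opposite of the last rule applies."""
    acls, rules = parse(conf)
    for action, names in rules[directive]:
        if all(acl_match(acls, n, url) for n in names):
            return action
    return "deny" if rules[directive][-1][0] == "allow" else "allow"
```

With the stock QUERY line the shared.css?102 request matches the ACL because of its query string; with the edited line only cgi-bin paths do, and http_reply_access passes replies for the listed domains only.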


