Caching for download servers

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Caching for download servers

Umut Arus
Hi,

I'd like to ask about how redirect a client to squid server for only some destination domain zone (or IP addresses). We would like to cache some download server without doing any setup on client side.

I appreciate you comments.

thanks.

--
Umut Arus

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Caching for download servers

Amos Jeffries
Administrator
On 03/01/18 20:25, Umut Arus wrote:
> Hi,
>
> I'd like to ask about how redirect a client to squid server for only
> some destination domain zone (or IP addresses). We would like to cache
> some download server without doing any setup on client side.
>

What do you mean by "cache some download server" ?

It sounds a bit like you are looking for NAT interception
(<https://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect>)

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Caching for download servers

Umut Arus
Thank you. It seems a nice guide. I mean caching some destinations used for download without doing any setup on client side. Is it possible to use dns to proxy redirection for some destination zones?

Regards.

On Wed, Jan 3, 2018 at 3:25 PM, Amos Jeffries <[hidden email]> wrote:
On 03/01/18 20:25, Umut Arus wrote:
Hi,

I'd like to ask about how redirect a client to squid server for only some destination domain zone (or IP addresses). We would like to cache some download server without doing any setup on client side.


What do you mean by "cache some download server" ?

It sounds a bit like you are looking for NAT interception (<https://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect>)

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users



--
Umut Arus
System Specialist
Information Technology
Sabancı University
 
Phone: +90216 483 9172



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Caching for download servers

Amos Jeffries
Administrator
On 04/01/18 19:43, Umut Arus wrote:
> Thank you. It seems a nice guide. I mean caching some destinations used
> for download without doing any setup on client side. Is it possible to
> use dns to proxy redirection for some destination zones?

No. Well, it may be _possible_ but very, very far from safe.

When intercepting traffic there are some *extremely* nasty security
issues involved with Host header that have to be avoided. The details
can be found at
<https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery>.

The only way to safely avoid lots of false errors is to relay traffic to
the dst-IP the client presents when the security checks fail.

But if you alter DNS so Squid and clients see different things then
*all* the traffic shows up as forged and the dst-IP will be the proxies
own IP.

So there is nowhere the proxy can connect to which will provide the
content needed. Attempts to do so loops infinitely back to the proxy.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users