|
Transparent Proxy (TProxy)
Tproxy is truly transparent proxy. A transparent proxy or more precisely an interception proxy
is the one that becomes transparent to the clients by transparently intercepting the http requests
and serving the response, which means the client need not be explicitly configured to use the proxy
but they are transparently sent to the proxy without the client's knowledge.
Since the interception proxy forwards the request on behalf of the client, the web server see's the
source of the request come from the proxy and hence it is not transparent to the web server.
The tproxy feature comes into solving this issue and makes itself transparent to both for the
client and the web server.
However, the interception and/or tproxy feature requires kernel support and packet redirection
feature of the operating system.
Note:
To make still more truly transparent, the proxy should be configured not to add any extra
headers while forwarding the request and serving the response.
There were several ways of doing this feature on the kernel and the application and each of
them corresponds to a version. The latest and best one is called tproxy-4 which uses IP_TRANSPARENT Socket option. The support for
tproxy-4 is already available on linux kernel versions 2.6.28 and above.
The patch provided here is tproxy-4 application patch for squid-2.7 versions.
This patch automatically removes the existing tproxy-2 feature and tproxy-4 is updated.
To enable this feature compile with
--enable-linux-tproxy.
For lower version kernals get the tproxy-4 kernal patch from balabit.com or netfilter.org
The source code is released under the GNU General Public License Version 2.
Mail Your suggestions to 
| |
|
|
