Squid Tproxy Patch

Tproxy is truly transparent proxy. A transparent proxy or more precisely an interception proxy is the one that becomes transparent to the clients by transparently intercepting the HTTP requests and serving the response, which means the client need not be explicitly configured to use the proxy but they are transparently sent to the proxy without the client's knowledge. Since the interception proxy forwards the request on behalf of the client, the web server see's the source of the request come from the proxy and hence it is not transparent to the web server.

The tproxy feature comes into solving this issue and makes itself transparent to both for the client and the web server. However, the interception and/or tproxy feature requires kernel support and packet redirection feature of the operating system.

Note: To make still more truly transparent, the proxy should be configured not to add any extra headers while forwarding the request and serving the response.

There were several ways of doing this feature on the kernel and the application and each of them corresponds to a version. The latest and best one is called tproxy-4 which uses IP_TRANSPARENT Socket option. The support for tproxy-4 is already available on linux kernel versions 2.6.28 and above. The patch provided here is tproxy-4 application patch for squid-2.7 versions. This patch automatically removes the existing tproxy-2 feature and tproxy-4 is updated. To enable this feature compile with --enable-linux-tproxy.

For lower version kernels get the tproxy-4 kernal patch from balabit.com or netfilter.org

The source code is released under the GNU General Public License Version 2.

Mail Your suggestions to squid_support@visolve.com