RE: [fw-wiz] Transparent proxying

From: Victoria of Borg (
Date: 02/13/04

  • Next message: Brian Ford: "Re: [fw-wiz] Vlan's as effective security measures?"
    To: <>
    Date: Fri, 13 Feb 2004 09:11:53 -0800

    > From:
    > [] On Behalf
    > Of kaptain
    > Subject: RE: [fw-wiz] Transparent proxying
    > WCCP is more elegant. It doesn't force default routes and it
    > uses health checks with proxies that support it. If the
    > proxy goes down, the router will bypass the proxy and go
    > directly to the origin server.

    A couple of months ago, I helped setup a WCCP-based system using Squid
    ( as the cache-engine. This worked remarkably well.
    When we brought up the Squid engine, after making sure our WCCP config was
    correct, every single outbound HTTP request was routed through the proxy.
    Not a single change was needed on the desktop. It was a wonderous event.

    To make matters more interesting, the WCCP protocol supports multiple
    cache-engines. It then parcels out a portion of traffic to each engine
    based on a hash of the URL. That way, all traffic heading to hits the same cache, where traffic going to could go through a different one. If any of the
    engines drops out, within 30 seconds WCCP will notice and repartition
    traffic accordingly. And if all engines fail, traffic goes out the default
    route instead.

    firewall-wizards mailing list

  • Next message: Brian Ford: "Re: [fw-wiz] Vlan's as effective security measures?"

    Relevant Pages

    • Re: FreeBSD 6.x / GRE / WCCP / Squid
      ... >> wccp version 2 in order to run wccp with squid. ... Squid doesn't support WCCP version 2. ... I see the packets hitting fxp0 correctly and I see the forward rules, ... and the proxy server is in a routable IP range in my DMZ. ...
    • Re: Proxy with PIX
      ... > What do you mean by WCCP? ... its a protocol, used to intercept traffic, and forward it to the proxy. ... Prev by Date: ...