Squid Web Cache wiki

🔗 Cisco ASA and Squid with WCCP2

🔗 Very important passage from the Cisco-Manual

❌ “The only topology that the security appliance supports is when client and cache engine are behind the same interface of the security appliance and the cache engine can directly communicate with the client without going through the security appliance.”

🔗 Cisco ASA

Exclude the Squid box itself from being re-captured:

 access-list wccp_redirect extended deny ip host $SQUID-IP any

Note: this should not be required, because the ASA would build this rule itself when the Squid box is added.

… while capturing HTTP traffic from the local /24 network defined by “workstations”:

 access-list wccp_redirect extended permit tcp workstations 255.255.255.0 any eq www

Intercept everything not prevented by the bypass list:

 wccp web-cache redirect-list wccp_redirect password foo

 wccp interface internal web-cache redirect in

P.S.: you should deny other forwarding with iptables.

🔗 Squid configuration for WCCP version 2

All the squid.conf options beginning with wccp2_* apply to WCCPv2 only.

🔗 Squid configuration

Squid-2.6 to Squid-3.0 require magic numbers…

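# Port that receives the redirected traffic (interception mode)
http_port 3129 transparent
wccp2_router $IP-OF-ROUTER
# 1 = GRE, for both forwarding and return
wccp2_forwarding_method 1
wccp2_return_method 1
# Standard service 0 is web-cache; the password must match the ASA's wccp line
wccp2_service standard 0 password=foo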

🔗 Squid box OS configuration

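# Load the GRE module and create the tunnel that carries the redirected packets
# ($ASA-EXT-IP and $SQUID-IP are placeholders for the real addresses)
modprobe ip_gre
ip tunnel add wccp0 mode gre remote $ASA-EXT-IP local $SQUID-IP dev eth0

ifconfig wccp0 $SQUID-IP netmask 255.255.255.255 up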
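
A consistency check for the two configurations above, added here as an example (it is not part of the original wiki page or of Squid). It verifies the shared WCCP password, the first-match order of the bypass rule, the GRE method values, and the topology rule quoted from the Cisco manual. Assumptions: the IP addresses are constructed sample values, `check_wccp` is a hypothetical helper, and "same subnet" stands in for "behind the same interface".

```python
import ipaddress
import re

# Constructed sample values standing in for $SQUID-IP and $IP-OF-ROUTER.
ASA_CFG = """\
access-list wccp_redirect extended deny ip host 192.168.1.10 any
access-list wccp_redirect extended permit tcp workstations 255.255.255.0 any eq www
wccp web-cache redirect-list wccp_redirect password foo
wccp interface internal web-cache redirect in
"""
SQUID_CFG = """\
http_port 3129 transparent
wccp2_router 192.168.1.1
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0 password=foo
"""

def check_wccp(asa_cfg, squid_cfg, squid_ip, client_net):
    """Return a list of findings; an empty list means both sides agree."""
    findings = []
    m = re.search(r"^\s*wccp web-cache redirect-list (\S+) password (\S+)", asa_cfg, re.M)
    if not m:
        return ["asa: no 'wccp web-cache redirect-list' line with a password"]
    acl, asa_pw = m.groups()
    # ASA ACLs are first-match, so the Squid bypass must precede the first permit.
    rules = re.findall(rf"^\s*access-list {re.escape(acl)} extended (permit|deny) (.+)$", asa_cfg, re.M)
    for action, rest in rules:
        if action == "deny" and f"host {squid_ip} " in rest + " ":
            break
        if action == "permit":
            findings.append("acl: no deny for the Squid host before the first permit")
            break
    # Squid side: directive name -> rest of line.
    squid = dict(re.findall(r"^[ \t]*(\w+)[ \t]+(.+?)[ \t]*$", squid_cfg, re.M))
    pw = re.search(r"password=(\S+)", squid.get("wccp2_service", ""))
    if pw is None or pw.group(1) != asa_pw:
        findings.append("password: ASA and wccp2_service disagree")
    # The page's tunnel is GRE, which is value 1 for both methods.
    for key in ("wccp2_forwarding_method", "wccp2_return_method"):
        if squid.get(key) != "1":
            findings.append(f"{key}: expected 1 (GRE)")
    # Cisco's topology rule; same subnet stands in for same interface (assumption).
    if ipaddress.ip_address(squid_ip) not in ipaddress.ip_network(client_net):
        findings.append("topology: Squid is not in the client network")
    return findings

if __name__ == "__main__":
    print(check_wccp(ASA_CFG, SQUID_CFG, "192.168.1.10", "192.168.1.0/24") or "consistent")
```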

⚠️ Disclaimer: Any example presented here is provided "as-is" with no support
or guarantee of suitability. If you have any further questions about
these examples please email the squid-users mailing list.
