Why doesn Squid make ident lookups in interception mode? . . . . . . . . . . . . . . . . . .
Its a side-effect of the way interception proxying works. When Squid is configured for interception proxying, the operating system pretends that it is the origin server. That means that the “local” socket address for intercepted TCP connections is really the origin server’s IP address. If you run netstat -n on your interception proxy, you’ll see a lot of foreign IP addresses in the Local Address column. When Squid wants to make an ident query, it creates a new TCP socket and binds the local endpoint to the same IP address as the local end of the client’s TCP connection. Since the local address isn’t really local (its some far away origin server’s IP address), the bind() system call fails. Squid handles this as a failed ident lookup.