Basically: Host header forgery meets interception.
What ideas/patches do we have floating around to solve it? I understand
it's an old problem.
I'm throwing together a patch to verify the received dst IP is in the
rDNS for the Host: domain. But that's only raising the bar of
difficulty, not closing the hole.
Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
  Current Beta Squid 3.1.0.6

Received on Tue Mar 17 2009 - 13:18:43 MDT
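
The check mentioned in the message above, sketched as an added example; it is not the patch the post refers to and not Squid code. It assumes the check means a forward lookup of the Host name, and the function names, sample zone and addresses are constructed for illustration.

```python
import ipaddress
import socket


def split_host(header_value):
    """Return the host part of a Host header value, without port or brackets."""
    value = header_value.strip()
    if value.startswith("["):                 # IPv6 literal, e.g. [2001:db8::1]:8080
        return value[1:value.index("]")] if "]" in value else ""
    return value.rsplit(":", 1)[0] if ":" in value else value


def system_resolver(name):
    """Forward lookup (A and AAAA) through the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()                          # unresolvable name matches nothing
    return {ipaddress.ip_address(i[4][0]) for i in infos}


def host_matches_dst(host_header, dst_ip, resolver=system_resolver):
    """True only when the intercepted destination IP is an address of the Host name."""
    dst = ipaddress.ip_address(dst_ip)
    host = split_host(host_header).rstrip(".").lower()
    if not host:
        return False                          # missing or malformed Host: reject
    try:
        return ipaddress.ip_address(host) == dst   # Host header is an IP literal
    except ValueError:
        pass                                  # not a literal, so resolve the name
    return dst in resolver(host)


# Constructed sample data: documentation-range addresses, hypothetical zone.
SAMPLE_ZONE = {"www.example.com": {"192.0.2.10", "2001:db8::10"}}


def sample_resolver(name):
    """Offline stand-in for DNS so the example runs without network access."""
    return {ipaddress.ip_address(a) for a in SAMPLE_ZONE.get(name, ())}


if __name__ == "__main__":
    for host, dst in [("www.example.com", "192.0.2.10"),
                      ("www.example.com:8080", "198.51.100.7"),
                      ("[2001:db8::10]:80", "2001:db8::10")]:
        print(host, dst, host_matches_dst(host, dst, sample_resolver))
```

A match only shows that the Host name and the destination agree with the proxy's own view of DNS at lookup time. Names served from rotating address sets can fail the check for legitimate traffic.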