On Sun, Nov 11, 2007, Alex Vorona wrote:
> Hello
>
> I got transparent squid 2.6 on Linux box via iptables REDIRECT. All
> works fine, but squid actually ignores original DST IP in hijacked
> connection and uses Host header to resolve to IP and then connects to
> that IP.

I believe that's a security feature. Allowing the client to control
the Host: name to destination IP mapping makes for some pretty horrible
cache poisoning possibilities.

It shouldn't be difficult to patch Squid-2.6 to use the original destination IP
if required (if there isn't one already!) but I'm not sure how to work around
the cache poisoning. Henrik, any ideas?

Adrian
--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -

Received on Sun Nov 11 2007 - 04:01:17 MST
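
An added example, not part of the original message and not Squid's code: one possible policy for the trade-off discussed above, assuming an IPv4 Linux REDIRECT setup. It connects to the original destination IP recovered with `SO_ORIGINAL_DST` but allows caching only when the proxy's own lookup of the Host header includes that IP; `plan`, `host_of`, `sample_resolve`, `SAMPLE_DNS` and the addresses are hypothetical names and constructed sample data.

```python
import socket
import struct

SO_ORIGINAL_DST = 80  # Linux netfilter option from <linux/netfilter_ipv4.h>

# Constructed sample data (documentation address ranges), not from the thread.
SAMPLE_DNS = {"www.example.com": ["192.0.2.10", "192.0.2.11"]}


def parse_original_dst(raw):
    """Decode the struct sockaddr_in returned for SO_ORIGINAL_DST."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    if struct.unpack_from("=H", raw, 0)[0] != socket.AF_INET:  # host byte order
        raise ValueError("not an IPv4 address")
    port = struct.unpack_from("!H", raw, 2)[0]  # network byte order
    return socket.inet_ntoa(raw[4:8]), port


def original_dst(conn):
    """Pre-REDIRECT destination of an accepted intercepted socket (Linux only)."""
    return parse_original_dst(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))


def host_of(request_head):
    """Host header value, lower-cased and without port; None if absent."""
    for line in request_head.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.decode("ascii", "replace").strip().partition(":")[0].lower()
    return None


def plan(orig_ip, request_head, resolve):
    """Hypothetical policy: returns (ip_to_connect_to, may_cache_response)."""
    host = host_of(request_head)
    try:
        addrs = set(resolve(host)) if host else set()
    except OSError:  # lookup failure (socket.gaierror) counts as a mismatch
        addrs = set()
    # Always follow the client's real destination; only trust the Host-derived
    # cache key when the proxy's own lookup agrees with that destination.
    return orig_ip, orig_ip in addrs


def sample_resolve(host):
    """Constructed stand-in for a DNS lookup so the example runs offline."""
    return SAMPLE_DNS.get(host, [])
```

Under this policy a mismatch only costs a cache miss, so sites whose DNS answers differ between the client and the proxy still load, just uncached.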