Adrian Chadd wrote:
> On Sun, Nov 11, 2007, Alex Vorona wrote:
>
>> Hello
>>
>> I have a transparent squid 2.6 on a Linux box via iptables REDIRECT. All
>> works fine, but squid actually ignores the original DST IP in the hijacked
>> connection and uses the Host header to resolve to an IP and then connects to
>> that IP.
>>
>
> I believe that's a security feature.

This is acceptable, but not in a transparent proxy.
Maybe I want to test my google on IP 1.1.1.1, but I can't :)

> Allowing the client to control
> the Host: name to destination IP mapping makes for some pretty horrible
> cache poisoning possibilities.
>
>
Yes, it is. Maybe correct proxying of such requests without caching
would be a solution?

Regards,
Alex
Received on Sun Nov 11 2007 - 04:44:31 MST
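
The policy suggested in the message above (relay to the original destination, but keep the response out of the cache when the Host header does not agree with it), as an added example that is not Squid's code and not from either poster. The function names, the injected `resolve` callable and the sample DNS table are assumptions made for illustration; the sample addresses are constructed.

```python
import ipaddress
import socket
import struct

SO_ORIGINAL_DST = 80  # Linux netfilter option, from <linux/netfilter_ipv4.h>


def parse_original_dst(raw):
    """Decode the sockaddr_in that a REDIRECTed socket returns from
    sock.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)."""
    port, addr = struct.unpack("!2xH4s8x", raw)  # skip family, skip padding
    return socket.inet_ntoa(addr), port


def decide(orig_ip, host_header, resolve):
    """Return (connect_ip, cacheable) for an intercepted request.

    Always connect to the address the client actually dialled, and only
    let the response into the shared cache when the Host header is
    consistent with that address, so a client-chosen Host/IP pairing can
    never be served to other users.
    """
    name = host_header.partition(":")[0].strip().lower().rstrip(".")
    try:
        candidates = {str(ipaddress.ip_address(name))}  # Host is an IP literal
    except ValueError:
        candidates = set(resolve(name))  # the proxy's own DNS view
    return orig_ip, orig_ip in candidates


# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_DNS = {"www.example.com": ["192.0.2.10", "192.0.2.11"]}


def sample_resolve(name):
    return SAMPLE_DNS.get(name, [])


def sample_sockaddr(ip, port):
    """Build the 16 bytes the kernel would hand back for ip:port."""
    return (struct.pack("=H", socket.AF_INET)
            + struct.pack("!H4s", port, socket.inet_aton(ip)) + b"\0" * 8)


if __name__ == "__main__":
    for dst in ("192.0.2.10", "198.51.100.7"):
        ip, _ = parse_original_dst(sample_sockaddr(dst, 80))
        print(dst, decide(ip, "www.example.com:80", sample_resolve))
```

A mismatch is not always hostile: round-robin DNS or a CDN can hand the client an address the proxy's resolver does not return, and under this policy that costs only a cache miss.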