Re: [squid-users] When worlds collide

From: Tuc at T-B-O-H.NET <ml_at_t-b-o-h.net>
Date: Sun, 13 Jul 2008 10:46:11 -0400 (EDT)

>
> Tuc at T-B-O-H.NET wrote:
> > Hi,
> >
> > Running into a problem, not sure if or how to handle it.
> >
> > User running windows has an entry in their (Windows
> > equiv of /etc/hosts) that says :
> >
> > 192.168.3.10 SNEAKY.EXAMPLE.COM
> >
> > For the rest of the world, SNEAKY.EXAMPLE.COM doesn't
> > exist (NXDOMAIN).
> >
> > Without squid in transparent/WCCP2 mode, it appears that
> > the user contacts 192.168.3.10 and does his thing. With squid+
> > transparent+WCCP2, we end up with 503's.
> >
> > Is there even a way to be able to address this, or is
> > the user just going to be out of luck period?
>
> Out of luck. Domain hijacking like this is precisely why squid doesn't
> trust the client-given dst IP in transparent mode.
>
> They will have to:
>
> a) connect to that domain using raw IP address in the URL.
>
> b) negotiate with the proxy admin to configure the proxy to selectively
> do the SNEAKY.EXAMPLE.COM redirect for them.
>
        Thanks for the reply. It turns out, oddly, that the IP that the
system is sending them to doesn't seem to be contactable either. Interestingly,
its generating those "0 0" (return code/bytes) I was seeing recently. So maybe
if Squid gets a timeout to a site it causes the 0/0's? When the DNS couldn't
resolve I was getting 503/17?? (I forget exactly).

        They are just out of luck. Atleast when I put the IP they WANT to go
to in I only get them attempting every 45 seconds, not every 16 seconds.

                        Tuc
Received on Sun Jul 13 2008 - 15:00:47 MDT

This archive was generated by hypermail 2.2.0 : Mon Jul 14 2008 - 12:00:03 MDT