> On Fri, Aug 14, 2009 at 5:15 PM, Matus UHLAR -
> fantomas<uhlar_at_fantomas.sk> wrote:
> > Squid ignores the original destination of connection in order to provide
> > correct content. Many servers provide the same (their own) content
> > independently on what Host: you ask for, so the cache would get filled with
> > incorrect content. That's one of downfalls when using inctercepting proxy.
On 14.08.09 18:10, Richard Wall wrote:
> We're going to see if we can modify the Squid source to use the
> requested destination IP address rather than looking it up again. I'll
> post here if we make any progress.
I say that again: by using such feature any client could poison your cache
by connecting to IP address of a malicious/broken server, requesting _any_
URI and your cache would remember the content provided by the server as if
it rally was the URI.
> <snip>
> > avoid using the proxy or explain why do you see different host than squid
> > does...
>
> It's caused by DNS host records with multple IP addresses (commonly
> used for load balancing eg on the akmai network).
> When the client looks up the host, it gets one IP address, and when
> Squid then does a DNS lookup shortly afterwards it receives a
> different IP address.
> This causes the Cisco router to redirect the response to the other
> Squid server which just drops it.
I think that is a bad configuration on DNS or your network.
Or maybe you should properly set up hosts file on machine squid is running
so it would not connect to the another squid.
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization.Received on Mon Aug 17 2009 - 08:43:20 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 18 2009 - 12:00:03 MDT