Squid DNS Resolving Issue

From: atit jariwala <atit@dont-contact.us>
Date: Thu, 28 Aug 2003 15:59:32 +0530

Hi Squid Developers,
I am using Squid 2.5 STABLE2 on Redhat Linux.
I read some mails on the squid-dev and squid-user groups regarding the DNS
resolving issue of Squid in transparent mode, and that is fine.

Consider the following scenario.
There are some developers developing web sites which are hosted outside the
Squid cache, and they are testing them through machines inside the Squid.
This scenario can be found in many places.
They have an entry "a.b.c.d my-site.com" in their /etc/hosts or
<win dir>/hosts file, and my-site.com is not registered publicly.

Now when these requests come to Squid in transparent mode, the destination IP
address has already been resolved by their machines' respective DNS servers.
Squid checks it again to prevent some security holes, and when Squid tries
the DNS lookup it fails, obviously, because the DNS server has no entry for
my-site.com.

This can be solved using the following approach:
Assuming DNS has failed for my-site.com,
Squid gets the destination IP address from the IP header using getsockopt()
and then connects to that IP address.
[Note: We are connecting after the DNS lookup, which is a phase in Squid after
the ACL check, so all access checks have been done before this operation and
the request is an allowed one.]

and serves the requested object.

My question is:

Does this approach add any security hole or problem in Squid? [Assuming we
are providing the necessary privileges to do getsockopt().]
And does Squid cache downloaded objects from my-site.com? If so, what
will be the object key, and will it create some problem for serving a
later request for my-site.com with a different IP [not a.b.c.d]?

Waiting for Reply,
Atit Jariwala
Received on Thu Aug 28 2003 - 04:29:40 MDT
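
The caching question raised in the message above, as an added example (not part of the original post and not Squid's code): a toy store keyed by URL only, showing that a reply fetched from a client-supplied destination is handed to later clients unless that destination is checked against the proxy's own DNS result. The `serve` function, the `verify_dst` flag, the URL and the addresses are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 8
struct entry { char url[64]; char body[64]; };
struct cache { struct entry e[SLOTS]; int n; bool verify_dst; };

/* Constructed stand-in for the origin fetch: the body records which IP served it. */
static void origin_fetch(const char *ip, char *body, size_t len)
{
    snprintf(body, len, "served-by-%s", ip);
}

/* True if orig_dst is one of the addresses the proxy's own resolver returned. */
static bool dst_verified(const char *const *dns, int n_dns, const char *orig_dst)
{
    for (int i = 0; i < n_dns; i++)
        if (strcmp(dns[i], orig_dst) == 0)
            return true;
    return false;   /* includes n_dns == 0, the failed lookup from the mail */
}

/* Handle one intercepted request; returns the body handed to the client. */
const char *serve(struct cache *c, const char *url, const char *const *dns,
                  int n_dns, const char *orig_dst, char *buf, size_t len)
{
    bool trusted = !c->verify_dst || dst_verified(dns, n_dns, orig_dst);
    /* A reply reached via an unverified destination is neither answered
       from nor written into the store that other clients share. */
    for (int i = 0; trusted && i < c->n; i++)
        if (strcmp(c->e[i].url, url) == 0)
            return c->e[i].body;
    origin_fetch(orig_dst, buf, len);
    if (trusted && c->n < SLOTS) {
        snprintf(c->e[c->n].url, sizeof c->e[c->n].url, "%s", url);
        snprintf(c->e[c->n].body, sizeof c->e[c->n].body, "%s", buf);
        c->n++;
    }
    return buf;
}

int main(void)
{
    struct cache naive = {0}; char a[64], b[64];
    serve(&naive, "http://my-site.com/", NULL, 0, "192.0.2.10", a, sizeof a);
    printf("second client gets: %s\n",
           serve(&naive, "http://my-site.com/", NULL, 0, "198.51.100.7", b, sizeof b));
    return 0;
}
```

With `verify_dst` unset, the second client, which dialled a different address, receives the object fetched for the first; with it set, unverified requests are forwarded to the dialled address and bypass the shared store.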
