> On Mon, 10 Oct 2011 08:39:00 -0600, Alex Rousskov wrote:
>> ------------------------------------------------------------
>> revno: 11783
>> committer: Alex Rousskov <rousskov_at_measurement-factory.com>
>> branch nick: trunk
>> timestamp: Mon 2011-10-10 08:39:00 -0600
>> message:
>> Fixed typos in the host_verify_strict description.
>>
>> Frankly, the description is likely to still make little sense to
>> uninitiated because we do not explain what is "Host vs IP validation"
>> and what the "additional strict validation comparisons" are. There was
>> an attempt to explain the latter, but I think it failed. Perhaps there
>> are more typos that hide the intended meaning?
>> modified:
>> src/cf.data.pre
>
"
By default on intercept and tproxy traffic Squid verifies that the
destination IP address matches the Host: header domain or IP (called
'authority form URL'). The client will be presented with a 409 Conflict
error page and Squid logs a security warning if they do not match.
When set to ON, this option enables additional strict comparisons on
forward-proxy and reverse-proxy traffic passing through Squid.
These additional tests involve textual domain comparisons to
ensure that the client sends a consistent Host header for the
destination server mentioned in the URL.
"
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.15 Beta testers wanted for 3.2.0.12Received on Wed Oct 12 2011 - 04:38:41 MDT
This archive was generated by hypermail 2.2.0 : Wed Oct 12 2011 - 12:00:06 MDT