On Wed, 16 Dec 1998, Henrik Nordstrom wrote:
]> Any requests to an SSL site with an IE browser does not go through
]> yet Netscape goes through.
]
]No clue. Yet another sign of IE braindamage?
Talking about braindead browser, *why* do browsers (well, netscape does)
forward requests for hosts in 127.0.0.0/8 to a proxy anyway? IMHO that is
a (browser) bug, not a feature.
I have users complaining about my "broken caches", because their internet
banking software installation program tries to connect to a 127.0.0.1:8888
service. Obviously the programmer never had the idea (or test case) of a
user having a proxy configured. Thus I end up explaining patiently that
nothing is broken with the cache, and how to configure their browsers' "no
proxy for" rule without unconfiguring their proxies over and over again...
I want to thank the squid folks for the highly configurable piece of
software, because now I am able to automate my replies (in case somebody
else suffers from the same problem)
acl dst_local dst 127.0.0.0/8
acl src_allow src ...
http_access deny src_allow dst_local
http_access allow src_allow
http_access deny src_all
# similar for (ipc|miss)_access
deny_info ERR_LOCALHOST_NONSENSE dst_local
deny_info ERR_CUSTOM_ACCESS_DENIED src_all
with the error page containing in depth information about what went wrong.
If you don't mind serving your notice to all the internet, a single
"http_access deny dst_local" as first http_acces rule should suffice.
Otherwise you have to prepend each allow rule with a deny rule containing
the dst_local as last piece. Please note that dst_local has to be last
part of the line, or the wrong notice will be served.
If somebody thought of using a redirector as workaround of this browser
bug, please note that many caches are used by other caches. Thus throwing
back a connection at the querying instance will not suffice unless you are
the users' cache.
Le deagh dhùrachd,
Dipl.-Ing. Jens-S. Vöckler (voeckler@rvs.uni-hannover.de)
Institute for Computer Networks and Distributed Systems
University of Hanover, Germany; +49 511 762 4726
Received on Thu Dec 17 1998 - 01:36:06 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:40 MST