Re: [squid-users] Transparent squid ignores client-side /etc/hosts

From: Alex Vorona <voron@dont-contact.us>
Date: Sun, 11 Nov 2007 13:44:13 +0200

Adrian Chadd wrote:
> On Sun, Nov 11, 2007, Alex Vorona wrote:
>
>> Hello
>>
>> I got a transparent squid 2.6 on a Linux box via iptables REDIRECT. All
>> works fine, but squid actually ignores the original DST IP in the hijacked
>> connection and uses the Host header to resolve to an IP and then connects to
>> that IP.
>>
>
> I believe that's a security feature.
This is acceptable, but not in a transparent proxy.
Maybe I want to test my google on IP 1.1.1.1, but I can't :)
> Allowing the client to control
> the Host: name to destination IP mapping makes for some pretty horrible
> cache poisoning possibilities.
>
>
Yes, it is. Maybe correct proxying of such requests without caching
will be a solution?

Regards,
Alex
Received on Sun Nov 11 2007 - 04:44:31 MST
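
The trade-off discussed in this exchange, sketched as an added Python example that is not from the thread or from Squid's code: an intercepted request is forwarded to the address the client actually connected to, and the reply is treated as cacheable only when the Host header resolves to that same address. The names `decide`, `parse_host`, `lookup` and the resolver table are hypothetical, and the addresses are constructed documentation values.

```python
import ipaddress

# Constructed resolver table standing in for DNS (assumption, not real data).
SAMPLE_DNS = {"www.example.com": {"192.0.2.10", "192.0.2.11"}}

def lookup(name):
    """Offline stand-in for a DNS lookup; unknown names resolve to nothing."""
    return SAMPLE_DNS.get(name, set())

def parse_host(header_value):
    """Return the lowercase host from a Host header value, without the port."""
    host = header_value.strip().lower()
    if host.startswith("[") and "]" in host:      # bracketed IPv6 literal
        return host[1:host.index("]")]
    if host.count(":") == 1:                      # name:port or IPv4:port
        return host.split(":", 1)[0]
    return host

def decide(orig_dst, host_header, resolve=lookup):
    """Policy for one intercepted request.

    orig_dst is the pre-REDIRECT destination IP of the client's connection.
    Returns (connect_to, cacheable, reason).
    """
    dst = ipaddress.ip_address(orig_dst)
    name = parse_host(host_header)
    try:
        claimed = {ipaddress.ip_address(name)}    # Host is an IP literal
    except ValueError:
        claimed = {ipaddress.ip_address(a) for a in resolve(name)}
    if dst in claimed:
        return (str(dst), True, "host-matches-destination")
    # Mismatch: still honour the client's destination, but never store the
    # reply under the Host name, so one client cannot poison it for others.
    return (str(dst), False, "host-destination-mismatch")

if __name__ == "__main__":
    # Constructed requests: (original destination IP, Host header)
    for dst, host in [("192.0.2.10", "www.example.com"),
                      ("198.51.100.7", "www.example.com:80"),
                      ("198.51.100.7", "198.51.100.7")]:
        print(dst, host, decide(dst, host))
```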

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST