Re: [squid-users] Transparent squid ignores client-side /etc/hosts

From: Alex Vorona <voron@dont-contact.us>
Date: Sun, 11 Nov 2007 13:45:43 +0200

Adrian Chadd wrote:
> On Sun, Nov 11, 2007, Alex Vorona wrote:
>
>> Hello
>>
>> I have a transparent squid 2.6 on a Linux box via iptables REDIRECT. All
>> works fine, but squid actually ignores the original DST IP in the hijacked
>> connection and uses the Host header to resolve to an IP and then connects to
>> that IP.
>>
>
> I believe that's a security feature. Allowing the client to control
> the Host: name to destination IP mapping makes for some pretty horrible
> cache poisoning possibilities.
>
>
>

BTW, how does squid cache sites that resolve to 2 or more IPs and have
different content on each IP? I know this is stupid, but anyway.

Regards,
Alex
Received on Sun Nov 11 2007 - 04:45:53 MST
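
The cache-poisoning concern raised in the quoted reply, as an added example that is not part of the original thread and is not Squid's code: a simplified model of an intercepting proxy whose cache is keyed by the Host-based URL. The class, function names, addresses and page contents are all constructed assumptions.

```python
# Simplified model (assumption): the cache key is built from the Host header
# only, so the upstream IP that actually served the object is not part of it.
PROXY_DNS = {"www.example.com": "192.0.2.10"}   # constructed: the proxy's own resolver
ORIGINS = {                                      # constructed: content served per IP
    "192.0.2.10": "genuine page",
    "198.51.100.66": "page from a server picked by the client",
}


class InterceptingProxy:
    def __init__(self, trust_client_dst):
        # trust_client_dst=True  -> connect to the original DST IP of the
        #                           redirected connection (client-controlled)
        # trust_client_dst=False -> resolve the Host header itself, the
        #                           behaviour described in the thread
        self.trust_client_dst = trust_client_dst
        self.cache = {}

    def handle(self, orig_dst_ip, host, path="/"):
        key = "http://%s%s" % (host, path)
        if key in self.cache:
            return self.cache[key]               # shared by every client
        upstream = orig_dst_ip if self.trust_client_dst else PROXY_DNS[host]
        body = ORIGINS[upstream]
        self.cache[key] = body
        return body


def second_client_sees(trust_client_dst):
    """Client A has a local hosts entry for the name; client B does not."""
    proxy = InterceptingProxy(trust_client_dst)
    proxy.handle("198.51.100.66", "www.example.com")        # client A
    return proxy.handle("192.0.2.10", "www.example.com")    # client B


if __name__ == "__main__":
    for policy in (True, False):
        print("trust client DST IP =", policy, "->", second_client_sees(policy))
```

In this model the first response stored under a URL is what later clients receive, whichever IP it came from.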
