Henrik Nordstrom wrote:
> On ons, 2008-10-15 at 16:16 +1300, Amos Jeffries wrote:
>
>> If anyone identifies your public IP they can point a domain DNS at your
>> IP and have it accelerated. Or even configure port 80 as their proxy IP
>> and browse through it. A firewall or NAT layer cannot prevent this
>> happening.
>
> Only if always_direct is also used.. without always_direct in effect
> accelerated requests is not allowed to go direct and only allowed to be
> forwarded to known servers (cache_peer). This is just to make sure it's
> not too easy to make this kind of bad configuration you talk about.
>
> Regards
> Henrik
Sigh. Can anyone tell me why I can't get my head to remember that?
Henrik has told me several times. And every time he does I understand
the truth of it and the code well enough.
Amos
-- Please use Squid 2.7.STABLE4 or 3.0.STABLE9Received on Wed Oct 15 2008 - 10:25:23 MDT
This archive was generated by hypermail 2.2.0 : Wed Oct 15 2008 - 12:00:03 MDT