fre 2010-03-12 klockan 16:25 +0100 skrev Riccardo Castellani:
> If I understood, Squid search 'host' header in the client request but if
> client fails to send this header, Squid assumes the domain specified by
> defaultsite.
correct
> But when client fails to send 'host' header ? And if I delete
> "defaultsite=HostA:8080" what happens ?
Then the client gets an "invalud request" error.
But all clients available in the lasr decade or so sends host header,
and all browsers long before that.
> > ... there is a great risk that 8080 port number
> > leaks out to clients in various situations
>
> I don't understand what you want to say.
> This web server (HostA) is only accessible from intern. network by link on
> another server which references to HostA:8080, while fro external network by
> Squid Accelerator mechanism.
The server thinks the requested URL is http://page.example.com:8080/ and
this is what the server will use whenever it needs to return a full URL
to the client.
A very common example where this happens is if you have an accessible
folder with or without a default page
http://page.example.com/folder/
but the client requests
http://page.example.com/folder
the server then redirects the request to what it thinks is the right URL
for that folder
http://page.example.com:8080/folder/
Similar things also happens at many other levels.
Because of this it's highly recommended that the port used on the server
is the same as requesed by the client, with no remapping done by the
reverse proxy other than selecting the right server.
Regards
Henrik
Received on Fri Mar 12 2010 - 18:16:09 MST
This archive was generated by hypermail 2.2.0 : Fri Mar 12 2010 - 12:00:03 MST