On 19/08/2013 9:08 p.m., Ahmad wrote:
> WELL , nice explanation ,
>
>
> but u put a red line on something ,
>
>
> =======================================
> going to step
> 3b) if no, the clients destination IP is used.
> =============================================
>
> did u mean that it will not cache , store the client request in this
> case ???
How much do you know about how TCP/IP operates?
Each packet has a source and destination IP address and port number
attached. Squid recieves the IPs the client was using on its TCP
connection - so it knows one of the IPs the client found in DNS simply
because that IP is being used by the client.
> does that mean that its preferred the dns on clients and squid to be
> identical ??
Yes.
> its important to me to enhance hit ratio
Indeed. But enhancing the HIT ratio by allowing one infected client to
cache virus installers in Squid at any URL causes problems. Imagine yoru
proxy delivering a virus instead of http://google.com/. It is better to
loose the HIT ratio than to allow attackers to spread around your
network via cache corruption.
Amos
Received on Mon Aug 19 2013 - 11:54:34 MDT
This archive was generated by hypermail 2.2.0 : Mon Aug 19 2013 - 12:00:26 MDT