On Tue, 2004-06-15 at 15:48, Henrik Nordstrom wrote:
> By discarding the original destination IP address caching is made more
> effective by being able to cache on the requested hostname. If using the
> original destination IP address then caching needs to be done using the
> requested hostname + IP address due to security implications of trusting
> the client provided destination IP.
Thanks Henrik, that is a very good point. We hadn't considered that at
all.
Another scenario we are seeing is when multiple A records are returned
from a lookup and the client and squid select different records from the
set. Perhaps in this scenario a good compromise would be to compare the
set with the original destination IP and prefer a match over the usual
selection method.
> I have nothing against adding an option to enable this mode of operation,
> but I do not think it should be the default.
If we end up getting it working cleanly for our purposes then we ought
to be able to add a config option in for it and submit it as a patch.
Thanks very much for your feedback.
Regards,
Andrew Ivins
System Adminstrator
Swiftel Communications
Received on Tue Jun 15 2004 - 02:07:32 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Jun 30 2004 - 12:00:03 MDT