On 27/02/2012 11:27 p.m., Warren Baker wrote:
> HI all,
>
> Just a question with regards to 3.2.0.X and 'Host header forgery'
> detection. If there are multiple name servers specified on the client
> and squid and for whatever reason (timeout,network problem etc.) the
> client uses a different name server to resolve a site (eg facebook) to
> what Squid uses - then this problem seems to pop up. So since there is
> no guarantee on what name server the client uses I guess the only
> alternative is to enforce WPAD or browser settings.
It is best to consider interception an action of last resort, for this
any many other reasons.
3.2.0.15+ will do a soft-fail type behaviour, which allows the request
through but does not allow caching of the response and only relays the
original destination IP. Which hides the problems from client
visibility, at cost of some cache HITs.
Amos
Received on Mon Feb 27 2012 - 10:58:32 MST
This archive was generated by hypermail 2.2.0 : Mon Feb 27 2012 - 12:00:04 MST