On Sun, Nov 11, 2007, Alex Vorona wrote:
> Hello
>
> I got transparent squid 2.6 on Linux box via iptables REDIRECT. All
> works fine, but squid actually ignores original DST IP in hijacked
> connection and uses Host header to resolve to IP and then connects to
> that IP.

I believe that's a security feature. Allowing the client to control the Host: name to destination IP mapping makes for some pretty horrible cache poisoning possibilities.

It shouldn't be difficult to patch Squid-2.6 to use the original destination IP if required (if there isn't one already!) but I'm not sure how to work around the cache poisoning.

Henrik, any ideas?

Adrian

--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
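
Added example, not part of the original message and not Squid's code: a sketch of the trade-off discussed above, where an intercepting proxy may honour the original destination IP but only caches the reply when that IP is one DNS returns for the Host header. The `decide` function, the `Decision` type, the `prefer_orig_dst` switch and the sample DNS table are all hypothetical names and constructed data.

```python
import ipaddress
from dataclasses import dataclass

# Constructed DNS answers (documentation address ranges), standing in for a resolver.
SAMPLE_DNS = {"www.example.com": {"192.0.2.10", "192.0.2.11"}}

@dataclass(frozen=True)
class Decision:
    connect_ip: str  # where the proxy opens the upstream connection
    cacheable: bool  # may the reply be stored under the Host-based URL?
    reason: str

def decide(orig_dst, host_header, dns=SAMPLE_DNS, prefer_orig_dst=True):
    """Hypothetical policy for one intercepted request.

    orig_dst    -- IP the client dialled before REDIRECT rewrote it
    host_header -- client-supplied Host: value (hostname, optional :port;
                   IPv6 literals are not handled in this sketch)
    """
    orig = str(ipaddress.ip_address(orig_dst))  # ValueError on malformed input
    host = host_header.strip().lower().partition(":")[0].rstrip(".")
    resolved = {str(ipaddress.ip_address(a)) for a in dns.get(host, ())}

    if orig in resolved:
        # Client and DNS agree, so the cache key names the server we reach.
        return Decision(orig, True, "original destination matches DNS for Host")
    if not prefer_orig_dst:
        # Behaviour described in the thread: ignore orig_dst, trust DNS only.
        if not resolved:
            raise LookupError(f"cannot resolve {host!r}")
        return Decision(sorted(resolved)[0], True, "connected to DNS answer for Host")
    # Honour the original destination, but keep the reply out of the shared
    # cache: the client alone chose this Host-to-IP pairing.
    return Decision(orig, False, "Host does not map to original destination")

if __name__ == "__main__":
    for dst, host in [("192.0.2.10", "www.example.com"),
                      ("198.51.100.7", "www.example.com")]:
        print(dst, host, decide(dst, host))
```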