Adrian Chadd wrote:
On Sun, Nov 11, 2007, Alex Vorona wrote:
Hello
I got transparent squid 2.6 on Linux box via iptables REDIRECT. All
works fine, but squid actually ignores original DST IP in hijacked
connection and uses Host header to resolve to IP and then connects to
that IP.
I believe thats a security feature. Allowing the client to control
the Host: name to destination IP mapping makes for some pretty horrible
cache poisoning possibilities.
BTW how squid caches sites, resolving to 2 or more IPs and having
different content on each IP - I know this is stupid, but anyway.
Regards,
Alex
