On Mon, Mar 24, 2008, Saurabh Agarwal wrote:
> I understand the security concern, but if squid is accessed by Users
> only within the company and company's intranet is secure enough, then it
> is an overkill as DNS is performed twice (Squid being used in transparent
> mode), once by the browser and then second time by the Squid.
>
> Shouldn't we have this as configurable through squid.conf file, though
> with the disclaimer you wrote earlier. This looks like a good feature to
> have.
>
> Like: Disable DNS lookups by Squid, instead use the DST IP address in the
> intercepted HTTP request.
> #disable_dns_lookup, hence use Dst IP from the packet

That's not a bad idea, but the possibility is there to absolutely,
positively blow away not only your clients' feet, but their legs, their
torso, their car/bike, and potentially their neighbours' pet.

It's very dangerous. I'll commit a patch if someone submits one. It has to
have a very, very large warning and it also needs to log something in
cache.log to explain why enabling the option is 100% dangerous.

Please realise that it's not only compromised hosts, it's also malicious
users.

Adrian

--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -