Tuc at T-B-O-H.NET wrote:
Hi,
Running into a problem, not sure if or how to handle it.
User running windows has an entry in their (Windows
equiv of /etc/hosts) that says :
192.168.3.10 SNEAKY.EXAMPLE.COM
For the rest of the world, SNEAKY.EXAMPLE.COM doesn't
exist (NXDOMAIN).
Without squid in transparent/WCCP2 mode, it appears that
the user contacts 192.168.3.10 and does his thing. With squid+
transparent+WCCP2, we end up with 503's.
Is there even a way to be able to address this, or is
the user just going to be out of luck period?
Out of luck. Domain hijacking like this is precisely why squid doesn't
trust the client-given dst IP in transparent mode.
They will have to:
a) connect to that domain using raw IP address in the URL.
b) negotiate with the proxy admin to configure the proxy to selectively
do the SNEAKY.EXAMPLE.COM redirect for them.
Amos
--
Please use Squid 2.7.STABLE3 or 3.0.STABLE7
