
Re: how to use IP addresses delivered by client?

Cezary Rzewuski wrote:
Hi,
Is there any possibility for squid not to make DNS lookups at all but be
provided with the server IP address from client?

The issue is that we're using squid as a proxy for crawling malicious
sites and the so-called fast-flux attacks are quite popular these days.
In this kind of attack DNS returns many IP addresses for a URL, few of
which are usually malicious. So, we'll use some heuristic algorithms to
choose which IP to check.
However, the problem is that we need some way to inform squid of the IP
address it should use for a particular URL. We were thinking of setting our
own DNS cache server for squid. However, it changes project architecture a
bit. I thought that maybe there exists some way to give squid the IP
address in an HTTP header (X-IP)?

Doing this in itself makes squid vulnerable to Cache Pollution attacks.
The vulnerability is particularly serious when interacting with those bad websites, as they and their DNS results are the most likely source of such attacks.

If you want to maintain data integrity during these test operations you really do not want the sites to be cached at all between the testing engine and the tested site. If anything needs to be stored for records, it's best done by the engine which can identify the material correctly.

You can easily modify the crawler to use IMS requests, and extract/follow the object expiry information. That's the only benefit I see squid providing such a test setup.

Amos
--
Please use Squid 2.7.STABLE3 or 3.0.STABLE8
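
The following sketch is an added example, not code from this thread or from the Squid project. It shows the crawler-side approach the reply describes: the crawler connects to the IP address it selected, names the site in the `Host` header, sends an If-Modified-Since (IMS) request, and derives the object's expiry from the response headers. The function names and the `Cache-Control: no-cache` request header are assumptions made for illustration.

```python
import email.utils
import http.client
from datetime import datetime, timedelta, timezone


def conditional_headers(host, last_seen):
    """Headers for an If-Modified-Since request; last_seen must be UTC-aware."""
    return {
        "Host": host,  # site name stays fixed whichever IP is dialled
        "If-Modified-Since": email.utils.format_datetime(last_seen, usegmt=True),
        "Cache-Control": "no-cache",  # assumption: force revalidation en route
    }


def expiry_from_headers(headers, fetched_at):
    """Time the object goes stale, or None if the response gives no lifetime."""
    h = {k.lower(): v for k, v in headers.items()}
    directives = {}
    for part in h.get("cache-control", "").split(","):
        name, _, value = part.strip().partition("=")
        directives[name.lower()] = value.strip('"')
    if "no-store" in directives or "no-cache" in directives:
        return fetched_at  # must not be reused without revalidation
    if directives.get("max-age", "").isdigit():
        return fetched_at + timedelta(seconds=int(directives["max-age"]))
    if "expires" in h:  # max-age takes precedence over Expires
        try:
            return email.utils.parsedate_to_datetime(h["expires"])
        except (TypeError, ValueError):
            return fetched_at  # unparseable Expires counts as already expired
    return None


def fetch_pinned(ip, host, path, last_seen, port=80, timeout=10):
    """GET path from the IP the crawler chose, naming the site in Host."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", path, headers=conditional_headers(host, last_seen))
        resp = conn.getresponse()
        body = resp.read()  # empty on 304 Not Modified
        expiry = expiry_from_headers(resp.headers, datetime.now(timezone.utc))
        return resp.status, expiry, body
    finally:
        conn.close()
```

Because the crawler dials the IP itself, the name-to-address decision never passes through a shared cache, and the crawler stores results keyed by both host and IP.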
