Henrik Nordstrom wrote:
On ons, 2008-10-15 at 16:16 +1300, Amos Jeffries wrote:
If anyone identifies your public IP they can point a domain DNS at your
IP and have it accelerated. Or even configure port 80 as their proxy IP
and browse through it. A firewall or NAT layer cannot prevent this
happening.
Only if always_direct is also used.. without always_direct in effect
accelerated requests is not allowed to go direct and only allowed to be
forwarded to known servers (cache_peer). This is just to make sure it's
not too easy to make this kind of bad configuration you talk about.
Regards
Henrik
Sigh. Can anyone tell me why I can't get my head to remember that?
Henrik has told me several times. And every time he does I understand
the truth of it and the code well enough.
Amos
--
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
