> On Fri, Aug 14, 2009 at 5:15 PM, Matus UHLAR - > fantomas<uhlar@xxxxxxxxxxx> wrote: > > Squid ignores the original destination of connection in order to provide > > correct content. Many servers provide the same (their own) content > > independently on what Host: you ask for, so the cache would get filled with > > incorrect content. That's one of downfalls when using inctercepting proxy. On 14.08.09 18:10, Richard Wall wrote: > We're going to see if we can modify the Squid source to use the > requested destination IP address rather than looking it up again. I'll > post here if we make any progress. I say that again: by using such feature any client could poison your cache by connecting to IP address of a malicious/broken server, requesting _any_ URI and your cache would remember the content provided by the server as if it rally was the URI. > <snip> > > avoid using the proxy or explain why do you see different host than squid > > does... > > It's caused by DNS host records with multple IP addresses (commonly > used for load balancing eg on the akmai network). > When the client looks up the host, it gets one IP address, and when > Squid then does a DNS lookup shortly afterwards it receives a > different IP address. > This causes the Cisco router to redirect the response to the other > Squid server which just drops it. I think that is a bad configuration on DNS or your network. Or maybe you should properly set up hosts file on machine squid is running so it would not connect to the another squid. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization.
