> So users access http://1.2.3.4/ by IP? Not by some more friendly
> hostname?

Yes, users access by IP address. But I understand the best solution is to use dstdomain.

> Yes. Or defaultsite=1.2.3.4, or both

vhost makes that Squid use what is in the host header when building the requested URL while defaultsite specifies explicitly what site 'name:port' to use; also used as fallback if there is no Host header.
But who has priority in request building? Information in host header or in defaultsite?

> defaultsite is not used because...
>
> URL is
> http://1.2.3.4/LicroPS.sav.1/mkLicro.do?codCenter=22101
>
> The browser will send that as
>
> GET /LicroPS.sav.1/mkLicro.do?codCenter=22101 HTTP/1.1
> Host: 1.2.3.4
> [more headers]

If I specify:
http_port 1.2.3.4:80 accel vhost defaultsite=1.2.3.4

browser will send this one?

GET 1.2.3.4/LicroPS.sav.1/mkLicro.do?codCenter=22101 HTTP/1.1
Host: 1.2.3.4
...

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, August 19, 2009 12:24 PM
To: Riccardo Castellani
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re: R: [squid-users] Example of squid accelerator

Wed 2009-08-19 at 08:53 +0200, Riccardo Castellani wrote:

> Internet users reach my company site on IP address 1.2.3.244 where they find
> a certain section which contains 4 icons.

So users access http://1.2.3.4/ by IP? Not by some more friendly
hostname?

> These 4 icons (corresponding to 4 towns) link respectively to
>
> http://1.2.3.4/LicroPS.sav.1/mkLicro.do?codCenter=22101
> http://1.2.3.4/LicroPS.sav.1/mkLicro.do?codCenter=22102
> http://1.2.3.4/LicroPS.sav.1/mkLicro.do?codCenter=22103
> http://1.2.3.4/LicroPS.sav.1/mkLicro.do?codCenter=22104
>
> User can decide what link is interesting, according to the town to which he
> belongs, so there is no default page.

These http_port parameters are about what Squid should pick up as
requested hostname. Paths or objects on the server are irrelevant.

> Can I describe in this way ?
> http_port 1.2.3.4:80 accel vhost

Yes. Or defaultsite=1.2.3.4, or both.

My recommendation is to always use vhost, and add defaultsite only if
one wants to support obsolete HTTP/1.0 clients not sending Host headers.
Life gets less complicated in the long run that way.

> > Don't use dst there, use dstdomain instead matching the allowed
> > sitenames/hostnames
>
> What's the reason ? Perhaps because with dst directive Squid looks up dns
> for IPAddress from the domain-name, which is in request header.
> I could have, for specific reasons, some sites which are not registered in
> dns even if this time is not my case.

a) The DNS lookup isn't needed.
b) As you describe above.
c) May allow things you did not intend as the attacker may well create
his own DNS records with ip of 1.2.3.4.

Regards
Henrik
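
The following is an added example, not part of the thread and not Squid's code: a simplified Python model of how the requested URL is built under vhost/defaultsite as the thread describes it, and why a dst-style check accepts a foreign hostname that a dstdomain-style check rejects. The function names, the resolver table and the name evil.example are constructed for illustration.

```python
# Added illustration: a simplified model, not Squid's implementation.
CONSTRUCTED_DNS = {               # constructed resolver data (assumption)
    "1.2.3.4": "1.2.3.4",
    "evil.example": "1.2.3.4",    # third-party name pointed at our IP
}

def accel_url(raw_request, vhost=True, defaultsite=None):
    """Rebuild the absolute URL from a request received in accel mode."""
    head, _, _ = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    _method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host = headers.get("host") if vhost else None
    host = host or defaultsite    # defaultsite is only the fallback
    if host is None:
        raise ValueError("no Host header and no defaultsite")
    return "http://" + host + path

def url_host(url):
    """Hostname part of an http URL, without port (IPv4/names only)."""
    return url.split("/", 3)[2].split(":")[0].lower()

def acl_dst(url, allowed_ips, resolve=CONSTRUCTED_DNS.get):
    """dst-style check: resolve the requested name, compare addresses."""
    return resolve(url_host(url)) in allowed_ips

def acl_dstdomain(url, allowed_names):
    """dstdomain-style check: compare the requested name itself, no DNS."""
    return url_host(url) in allowed_names

def request(host=None, version="HTTP/1.1"):
    """Constructed sample request for one of the links in the thread."""
    lines = ["GET /LicroPS.sav.1/mkLicro.do?codCenter=22101 " + version]
    if host:
        lines.append("Host: " + host)
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    for host in ("1.2.3.4", "evil.example", None):
        url = accel_url(request(host), vhost=True, defaultsite="1.2.3.4")
        print(url, "dst:", acl_dst(url, {"1.2.3.4"}),
              "dstdomain:", acl_dstdomain(url, {"1.2.3.4"}))
```
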