fre 2010-03-12 klockan 16:25 +0100 skrev Riccardo Castellani: > If I understood, Squid search 'host' header in the client request but if > client fails to send this header, Squid assumes the domain specified by > defaultsite. correct > But when client fails to send 'host' header ? And if I delete > "defaultsite=HostA:8080" what happens ? Then the client gets an "invalud request" error. But all clients available in the lasr decade or so sends host header, and all browsers long before that. > > ... there is a great risk that 8080 port number > > leaks out to clients in various situations > > I don't understand what you want to say. > This web server (HostA) is only accessible from intern. network by link on > another server which references to HostA:8080, while fro external network by > Squid Accelerator mechanism. The server thinks the requested URL is http://page.example.com:8080/ and this is what the server will use whenever it needs to return a full URL to the client. A very common example where this happens is if you have an accessible folder with or without a default page http://page.example.com/folder/ but the client requests http://page.example.com/folder the server then redirects the request to what it thinks is the right URL for that folder http://page.example.com:8080/folder/ Similar things also happens at many other levels. Because of this it's highly recommended that the port used on the server is the same as requesed by the client, with no remapping done by the reverse proxy other than selecting the right server. Regards Henrik
