On 8/9/2012 4:47 AM, Amos Jeffries wrote:
On 09.08.2012 12:32, Eliezer Croitoru wrote:
On 8/9/2012 2:16 AM, Amos Jeffries wrote:
Releases 3.2.0.14->3.2.0.18 have a standing block preventing requests
with conflicting destination IP and destination domain name being passed
to peers.
Release 3.2.0.19 loosens that block to allow it, but only if the clients
original destination IP (ORIGINAL_DST) is non-contactable by the proxy.
BUT, ... checking your config file there is a bigger problem, and a
relatively large amount of useless ACL checks ...
and let say i want to loosen it a bit more?
How much more?
to relay known dangerous traffic to peers as if it were safe?
or just to obey never_direct?
flag it as safe... because it is a local one that is safe.
i am talking only on http traffic and not https.
Thanks,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il