On 10/08/2012 10:54 p.m., Eliezer Croitoru wrote:
On 8/9/2012 4:47 AM, Amos Jeffries wrote:
On 09.08.2012 12:32, Eliezer Croitoru wrote:
On 8/9/2012 2:16 AM, Amos Jeffries wrote:
Releases 3.2.0.14->3.2.0.18 have a standing block preventing requests
with conflicting destination IP and destination domain name being
passed
to peers.
Release 3.2.0.19 loosens that block to allow it, but only if the
clients
original destination IP (ORIGINAL_DST) is non-contactable by the
proxy.
BUT, ... checking your config file there is a bigger problem, and a
relatively large amount of useless ACL checks ...
and let say i want to loosen it a bit more?
How much more?
to relay known dangerous traffic to peers as if it were safe?
or just to obey never_direct?
flag it as safe... because it is a local one that is safe.
i am talking only on http traffic and not https.
Please try 3.2.0.19 with this extra patch:
http://ww.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11644.patch
It removes the preference bias for ORIGINAL_DST over peers.
Amos
