Search squid archive

Re: squid 3.2 intercept and upstream proxy not working

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/08/2012 10:54 p.m., Eliezer Croitoru wrote:
On 8/9/2012 4:47 AM, Amos Jeffries wrote:
On 09.08.2012 12:32, Eliezer Croitoru wrote:
On 8/9/2012 2:16 AM, Amos Jeffries wrote:

Releases 3.2.0.14->3.2.0.18 have a standing block preventing requests
with conflicting destination IP and destination domain name being passed
to peers.

Release 3.2.0.19 loosens that block to allow it, but only if the clients original destination IP (ORIGINAL_DST) is non-contactable by the proxy.

BUT, ... checking your config file there is a bigger problem, and a
relatively large amount of useless ACL checks ...
and let say i want to loosen it a bit more?

How much more?
  to relay known dangerous traffic to peers as if it were safe?
  or just to obey never_direct?
flag it as safe... because it is a local one that is safe.
i am talking only on http traffic and not https.

Please try 3.2.0.19 with this extra patch:
http://ww.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11644.patch

It removes the preference bias for ORIGINAL_DST over peers.

Amos


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux