Hello Squid members and developers!

First of all, I wish you a Happy New Year 2016!

The current Host header forgery policy effectively prevents cache poisoning. But I also noticed that it deletes an earlier verified cached object. Is it possible to implement a more careful algorithm as an option? For example, if Squid did not delete an earlier successfully verified and valid cached object and served the forged request from the cache, it would be more effective and at the same time secure behavior.

For example, in a service provider tproxy environment, it is almost impossible to effectively optimize content delivery from sophisticated CDNs, such as appldnld.apple.com and iosapps.itunes.apple.com. For the latter domain, DNS servers return different pairs of A records for the same host every 15 seconds regardless of Geo location. For the former domain, local DNS servers and public DNS servers (Google) return different records. As I emphasized the SP environment, it is not possible to control DNS settings on subscriber systems.

Thank you for your attention!

--
Garri Djavadyan
iPlus LLC, TM Comnet, Technical Department
Phone: +99871 2333335 (ext. 27)
http://comnet.uz
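
The mismatch described in the message, as an added example that is not part of the original post and is not Squid's code: a simplified Python model of a Host check against A records that rotate every 15 seconds, comparing the behaviour the message reports with the option it asks for. The addresses, the URL, the function names and the `keep_verified` switch are constructed for illustration.

```python
ROTATION_SECONDS = 15  # rotation interval quoted in the message

# Constructed sample data: documentation-range addresses, not real CDN IPs.
A_RECORD_PAIRS = [
    ("192.0.2.10", "192.0.2.11"),
    ("198.51.100.20", "198.51.100.21"),
    ("203.0.113.30", "203.0.113.31"),
]

def resolve(now):
    """A-record pair returned for the host at time `now` (seconds)."""
    return A_RECORD_PAIRS[(now // ROTATION_SECONDS) % len(A_RECORD_PAIRS)]

def host_verified(dst_ip, now):
    """The intercepted destination IP must be among the addresses the
    proxy itself resolves for the Host header name at lookup time."""
    return dst_ip in resolve(now)

def handle(cache, url, dst_ip, now, keep_verified):
    """keep_verified=False: behaviour as described in the message.
    keep_verified=True: the option the message asks for (hypothetical)."""
    if host_verified(dst_ip, now):
        if url in cache:
            return "HIT"
        cache[url] = "body from verified origin"
        return "MISS_STORED"
    # Check failed: nothing fetched for this request is ever stored.
    if keep_verified and url in cache:
        return "HIT_FROM_VERIFIED"  # entry was stored after a passed check
    cache.pop(url, None)            # earlier verified entry is lost
    return "MISS_NOT_CACHED"

def simulate(keep_verified):
    """Three subscribers fetch one URL; the second resolved the name at
    t=10 but its request reaches the proxy at t=20, after a rotation."""
    cache, url = {}, "http://cdn.example/app.ipa"
    requests = [("192.0.2.10", 1), ("192.0.2.11", 20), ("203.0.113.30", 32)]
    return [handle(cache, url, ip, t, keep_verified) for ip, t in requests]

if __name__ == "__main__":
    print("described:", simulate(False))
    print("requested:", simulate(True))
```

In both runs the request that fails the check never writes to the cache; the difference is only whether the entry stored after an earlier passed check survives and is reused.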