On 2015-12-31 00:01, Garri Djavadyan wrote:
Hello Squid members and developers! First of all, I wish you a Happy New Year 2016! The current Host header forgery policy effectively prevents a cache poisoning. But also, I noticed, it deletes verified earlier cached object. Is it possible to implement more careful algorithm as an option? For example, if Squid will not delete earlier successfully verified and valid cached object and serve forged request from the cache if would be more effective and in same time secure behavior.
This seems to be describing <http://bugs.squid-cache.org/show_bug.cgi?id=3940>
So far we don't have a solution. Patches very welcome. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
