On 9/01/2016 7:48 a.m., Nir Krakowski wrote: > This is what needs to be done to get it to work in squid >3.5 in function > ClientRequestContext::hostHeaderIpVerify(const ipcache_addrs* ia, const > Dns::LookupDetails &dns): > Hell NO!!!! clientConn is the state data about the TCP connection the message arrived on. HTTP and SSL-Bump in no way alter the reality of what src/dst IPs those TCP packets contain. There may be a bug needing a fix, but it absolutely is not that patch. By applying that patch you are allowing a remote sender to both bypass all your Squid protections, and any network firewall security you may have external to Squid. While simultaneously recording in your Squid logs any value of its choosing for the destination IPs of its attack traffic. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
