Hey Jason,
I think we can divide the issue into two:
- host forgery identification
- host forgery action
And you can also add intercepting compared to configured forward proxy.
If you can draw a picture of the clients and the proxy network layout we
can try somewhere.
What you are talking about is mainly due to intercepting connections and
not using a regular forward proxy.
Also, what DNS server are you using there? Do you have queries log
enabled? (like in bind)
Can you run a "dig host" to verify what happens there? If there are many
records in the response?
I have not used ssl-bump in intercept\tproxy mode in a very long time
but I would be happy to test a couple of things if it's easy enough. (1\2
routers + 1\2 clients win+lx)
Eliezer
On 12/01/2016 03:40, Jason Haar wrote:
This is a bit of a show-stopper to ever using bump: having perfectly
good websites being unavailable really isn't an option (in the case of
"peek-and-splice" over intercepted they seem to hang forever when this
error occurs). Perhaps an option to change its behaviour would be
better? e.g. enable/disable and maybe "ignore client and use the IP
addresses squid thinks are best" could work?
Jason
_______________________________________________
squid-users mailing list
http://lists.squid-cache.org/listinfo/squid-users