On 04/01/18 19:43, Umut Arus wrote:
Thank you. It seems a nice guide. I mean caching some destinations used
for download without doing any setup on client side. Is it possible to
use dns to proxy redirection for some destination zones?
No. Well, it may be _possible_ but very, very far from safe.
When intercepting traffic there are some *extremely* nasty security
issues involved with Host header that have to be avoided. The details
can be found at
<https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery>.
The only way to safely avoid lots of false errors is to relay traffic to
the dst-IP the client presents when the security checks fail.
But if you alter DNS so Squid and clients see different things then
*all* the traffic shows up as forged and the dst-IP will be the proxies
own IP.
So there is nowhere the proxy can connect to which will provide the
content needed. Attempts to do so loops infinitely back to the proxy.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
