On 06/07/18 00:49, Laurent Verheirstraeten wrote: > Hi, > > We have to deal with to a problem when using the function ‘Peak and > Splice’ on the version 3.5.27 of Squid. > Please upgrade to Squid-4.1. It resolves quite a number of annoying SSL-Bump issues and has far better TLS support than Squid-3. > We tried and set up a transparent proxy, but the rules we declared are > not taken into account because both (squid) server and client are not > using allways the same DNS. > (we’re using a pool off 2 different DNS servers, not using the same cache ). > > We’ve noticed that the IP addresses taken into account by the server > Squid and the client are not the same while solving the hostname. > > In that special case, Squid sends an error during the ‘Splice’. When the > IP addresses are the same, then the function ‘Splice’ works perfectly. > > Is there a way into Squid to specify the same IP address on both sides? Having Squid use the same DNS resolver as the client makes most occurrences of this problem go away. <https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery> > > Have you already seen that kind of problem ? > Yes. It is a well-known issue with interception proxies. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
