On Mon, 10 Oct 2011 08:39:00 -0600, Alex Rousskov wrote:
------------------------------------------------------------
revno: 11783
committer: Alex Rousskov <[email protected]>
branch nick: trunk
timestamp: Mon 2011-10-10 08:39:00 -0600
message:
Fixed typos in the host_verify_strict description.
Frankly, the description is likely to still make little sense to
uninitiated because we do not explain what is "Host vs IP validation"
and what the "additional strict validation comparisons" are. There was
an attempt to explain the latter, but I think it failed. Perhaps there
are more typos that hide the intended meaning?
modified:
src/cf.data.pre
"
By default on intercept and tproxy traffic Squid verifies that the
destination IP address matches the Host: header domain or IP (called
'authority form URL'). The client will be presented with a 409 Conflict
error page and Squid logs a security warning if they do not match.
When set to ON, this option enables additional strict comparisons on
forward-proxy and reverse-proxy traffic passing through Squid.
These additional tests involve textual domain comparisons to
ensure that the client sends a consistent Host header for the
destination server mentioned in the URL.
"
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.15
Beta testers wanted for 3.2.0.12
