1. You're forgetting I only refer specific traffic using /etc/hosts to squid.
2. What do you suggest? I want to use the SNI as the direction of the traffic, not the forwarded IP address.

On Sun, Jan 10, 2016 at 6:30 AM, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 9/01/2016 7:48 a.m., Nir Krakowski wrote:
> > This is what needs to be done to get it to work in squid >3.5 in function
> > ClientRequestContext::hostHeaderIpVerify(const ipcache_addrs* ia, const
> > Dns::LookupDetails &dns):
> >
>
> Hell NO!!!!
>
> clientConn is the state data about the TCP connection the message
> arrived on. HTTP and SSL-Bump in no way alter the reality of what
> src/dst IPs those TCP packets contain.
>
> There may be a bug needing a fix, but it absolutely is not that patch.
>
>
> By applying that patch you are allowing a remote sender to both bypass
> all your Squid protections, and any network firewall security you may
> have external to Squid. While simultaneously recording in your Squid
> logs any value of its choosing for the destination IPs of its attack
> traffic.
>
> Amos
>
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
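
The distinction drawn in the quoted reply, as an added example that is not part of this thread and not Squid's code: the destination IP of an intercepted TCP connection is a fact, while the Host header or SNI name is a claim made by the client, so the name is trusted only when it resolves to that IP. `verifyHost`, `DnsView`, `sampleDns` and all names and addresses are constructed for illustration.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>

// Constructed stand-in for DNS answers: name -> addresses it resolves to.
using DnsView = std::map<std::string, std::set<std::string>>;

struct Intercepted {
    std::string tcpDstIp;     // original destination of the TCP connection (fact)
    std::string claimedHost;  // Host header or TLS SNI (client-supplied claim)
};

struct Decision {
    bool verified;            // claimed name really maps to the TCP destination
    std::string forwardTo;    // address the proxy connects to
    std::string aclName;      // name that domain rules and logs may rely on ("" = none)
};

// Hypothetical helper: accept the claimed name only if DNS ties it to the
// address the packets were actually sent to.
Decision verifyHost(const Intercepted &req, const DnsView &dns) {
    auto it = dns.find(req.claimedHost);
    bool match = it != dns.end() && it->second.count(req.tcpDstIp) > 0;
    if (match)
        return {true, req.tcpDstIp, req.claimedHost};
    // Mismatch: stay pinned to the real TCP destination and give the
    // unverified name no weight in allow rules or in the logged destination.
    return {false, req.tcpDstIp, ""};
}

DnsView sampleDns() {  // constructed sample data (documentation address ranges)
    return {{"allowed.example", {"192.0.2.10", "192.0.2.11"}}};
}

int main() {
    DnsView dns = sampleDns();
    Intercepted honest{"192.0.2.10", "allowed.example"};
    Intercepted forged{"203.0.113.7", "allowed.example"};  // name does not match dst
    for (const auto &r : {honest, forged}) {
        Decision d = verifyHost(r, dns);
        std::cout << r.claimedHost << " via " << r.tcpDstIp
                  << (d.verified ? " verified" : " NOT verified")
                  << ", forward to " << d.forwardTo << "\n";
    }
    return 0;
}
```

When traffic reaches the proxy because `/etc/hosts` points the name at the proxy itself, the TCP destination is the proxy's own address, so a check of this shape reports a mismatch for every such request.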