On 27/02/2012 11:27 p.m., Warren Baker wrote:
HI all,
Just a question with regards to 3.2.0.X and 'Host header forgery'
detection. If there are multiple name servers specified on the client
and squid and for whatever reason (timeout,network problem etc.) the
client uses a different name server to resolve a site (eg facebook) to
what Squid uses - then this problem seems to pop up. So since there is
no guarantee on what name server the client uses I guess the only
alternative is to enforce WPAD or browser settings.
It is best to consider interception an action of last resort, for this
any many other reasons.
3.2.0.15+ will do a soft-fail type behaviour, which allows the request
through but does not allow caching of the response and only relays the
original destination IP. Which hides the problems from client
visibility, at cost of some cache HITs.
Amos
