Re: [squid-users] host header and transparent proxy

From: Henrik Nordstrom <[email protected]>
Date: Thu, 22 Nov 2001 09:21:13 +0100

On Thursday 22 November 2001 08.25, khiz code wrote:

> if the client browser does not send a host -header will squid be able to
> identify the origin server and proxy the request to it
> the origin server ip is anyhow present in the IP packet dest IP address
> field isnt it

Correct, provided Squid knows about the method used for redirecting the
traffic.

> in this case of a transparent proxy is there any need in the first place
> for squid to do DNS lookups on the client requests ..this should save some
> time for the DNS lookups isnt it ??? coz when the packet comes to squid the
> DNS lookup has already been done by the client browser isnt it
> TIA

For security reasons Squid then would need to cache objects on their IP +
Host header, or else your users could easily pollute the cache by for example
connecting to the IP of a porn site, and sening a host header of your users
favorite news paper...

because of this complexity, Squid does not trust the client IP resolver when
connecting to named servers.

-- 
MARA Systems AB
Giving you basic free Squid support
Priority support or Squid enhancements available on request
Received on Thu Nov 22 2001 - 01:23:39 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:04:25 MST