[squid-users] Host header forgery policy in service provider environment
squid3 at treenet.co.nz
Thu Dec 31 08:31:53 UTC 2015
On 2015-12-31 00:01, Garri Djavadyan wrote:
> Hello Squid members and developers!
> First of all, I wish you a Happy New Year 2016!
> The current Host header forgery policy effectively prevents a cache
> poisoning. But also, I noticed, it deletes verified earlier cached
> object. Is it possible to implement more careful algorithm as an
> option? For example, if Squid will not delete earlier successfully
> verified and valid cached object and serve forged request from the
> cache if would be more effective and in same time secure behavior.
This seems to be describing
So far we don't have a solution. Patches very welcome.
More information about the squid-users