[squid-users] Problems with Splicing and DNS
Laurent Verheirstraeten
laurent.verheirstraeten at univ-rennes1.fr
Fri Jul 6 07:06:01 UTC 2018
Hello, Thank you for your reply. ok I will try this beautiful version of
Squid 4. Regards. Laurent
Le 05/07/2018 à 20:16, Amos Jeffries a écrit :
> On 06/07/18 00:49, Laurent Verheirstraeten wrote:
>> Hi,
>>
>> We have to deal with to a problem when using the function ‘Peak and
>> Splice’ on the version 3.5.27 of Squid.
>>
> Please upgrade to Squid-4.1. It resolves quite a number of annoying
> SSL-Bump issues and has far better TLS support than Squid-3.
>
>
>> We tried and set up a transparent proxy, but the rules we declared are
>> not taken into account because both (squid) server and client are not
>> using allways the same DNS.
>> (we’re using a pool off 2 different DNS servers, not using the same cache ).
>>
>> We’ve noticed that the IP addresses taken into account by the server
>> Squid and the client are not the same while solving the hostname.
>>
>> In that special case, Squid sends an error during the ‘Splice’. When the
>> IP addresses are the same, then the function ‘Splice’ works perfectly.
>>
>> Is there a way into Squid to specify the same IP address on both sides?
> Having Squid use the same DNS resolver as the client makes most
> occurrences of this problem go away.
>
> <https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery>
>
>
>> Have you already seen that kind of problem ?
>>
> Yes. It is a well-known issue with interception proxies.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180706/e86b4c9a/attachment.html>
More information about the squid-users
mailing list