[squid-users] More host header forgery pain with peek/splice
Amos Jeffries
squid3 at treenet.co.nz
Mon Sep 5 11:02:06 UTC 2016
On 5/09/2016 11:35 a.m., Marcus Kool wrote:
> Thanks for your reply.
>
> The 13-year old child in me says "I want it fixed yesterday"
> since false positives are very painful and cannot always
> be prevented since the environment where Squid works is
> not always that easy to control.
>
> You mentioned earlier that a fix will probably go in squid 5
> which is long due and there is no workaround. A second
> thought is to have an acl that determines for which domains
> the check must be skipped, but this is not optimal since
> the admin gains an extra job.
>
> My vote goes to re-prioritizing the fix and put it in Squid 4.
> Of course I have no idea about the implications.
Resources to work on it would be very welcome. I still think it will
take too long to go into Squid-4 though, since 4.1 is already overdue
for release.
Amos
More information about the squid-users
mailing list