[squid-users] Fwd: [Squid-3.5.20]Squid transparent proxy http/https without client site config
minh hưng đỗ hoàng
hoangminhung at gmail.com
Mon Nov 27 02:11:46 UTC 2017
>
> Not just the Squid machine but *all* the clients going through your Squid
>> also have to be using the same DNS resolver for that workaround. Any of
>> them using other resolvers (eg 8.8.8.8 or similar services) *will* hit
>> these errors.
>>
>
>
> And this is my dns config in squid.config :
>>
>> # --------- DNS AND IP CACHES [4341]
>>
>> dns_nameservers 127.0.0.1
>> dns_v4_first on
>> #original_dst off
>> client_dst_passthru off
>>
>
> The above setting is rejecting clients when the host verify fails.
> TO let traffic through the proxy when host-verify fails set it back to the
> default "client_dst_passthru on".
>
> The Host verify failure is most dangerous when cached - so that is always
> prohibited. But upstream routing is difficult for Squid to determine - thus
> that config option. It is left up to you whether you risk your clients
> getting infected by that mechanism - Squid just minimizes the damage and
> risk by limiting it to the one client making the suspicious request.
>
>
Thanks alot for your suggestion, i thought that i made some mistake in my
DNS. I will try to find out and show you the result.
--
Thanks & Best Regards,
--------------
Đỗ Hoàng Minh Hưng
Gmail : hoangminhung at gmail.com
SĐT : 01234454115
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171127/dd397839/attachment.html>
More information about the squid-users
mailing list