[squid-users] Problems with Splicing and DNS
Amos Jeffries
squid3 at treenet.co.nz
Thu Jul 5 18:16:17 UTC 2018
On 06/07/18 00:49, Laurent Verheirstraeten wrote:
> Hi,
>
> We have to deal with to a problem when using the function ‘Peak and
> Splice’ on the version 3.5.27 of Squid.
>
Please upgrade to Squid-4.1. It resolves quite a number of annoying
SSL-Bump issues and has far better TLS support than Squid-3.
> We tried and set up a transparent proxy, but the rules we declared are
> not taken into account because both (squid) server and client are not
> using allways the same DNS.
> (we’re using a pool off 2 different DNS servers, not using the same cache ).
>
> We’ve noticed that the IP addresses taken into account by the server
> Squid and the client are not the same while solving the hostname.
>
> In that special case, Squid sends an error during the ‘Splice’. When the
> IP addresses are the same, then the function ‘Splice’ works perfectly.
>
> Is there a way into Squid to specify the same IP address on both sides?
Having Squid use the same DNS resolver as the client makes most
occurrences of this problem go away.
<https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery>
>
> Have you already seen that kind of problem ?
>
Yes. It is a well-known issue with interception proxies.
Amos
More information about the squid-users
mailing list