[squid-users] Re: R: [squid-users] Example of squid accelerator

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Wed, 19 Aug 2009 12:23:41 +0200

On Wed 2009-08-19 at 08:53 +0200, Riccardo Castellani wrote:

> Internet users reach my company site on IP address 1.2.3.244 where they find
> a certain section which contains 4 icons.

So users access http://1.2.3.4/ by IP? Not by some more friendly
hostname?

> These 4 icons (corresponding to 4 towns) link respectively to
>
> http://1.2.3.4/LicroPS.sav.1/mkLicro.do?codCenter=22101
> http://1.2.3.4/LicroPS.sav.1/mkLicro.do?codCenter=22102
> http://1.2.3.4/LicroPS.sav.1/mkLicro.do?codCenter=22103
> http://1.2.3.4/LicroPS.sav.1/mkLicro.do?codCenter=22104
>
> The user can decide which link is interesting, according to the town to
> which he belongs, so there is no default page.

These http_port parameters are about what Squid should pick up as
requested hostname. Paths or objects on the server are irrelevant.

> Can I describe in this way ?
> http_port 1.2.3.4:80 accel vhost

Yes. Or defaultsite=1.2.3.4, or both.

My recommendation is to always use vhost, and add defaultsite only if
one wants to support obsolete HTTP/1.0 clients not sending Host headers.
Life gets less complicated in the long run that way.

> >Don't use dst there, use dstdomain instead matching the allowed
> >sitenames/hostnames
>
> What's the reason? Perhaps because with the dst directive Squid looks up DNS
> for the IP address from the domain name, which is in the request header.
> I could have, for specific reasons, some sites which are not registered in
> DNS, even if this time it is not my case.

a) The DNS lookup isn't needed.

b) As you describe above.

c) May allow things you did not intend as the attacker may well create
his own DNS records with IP of 1.2.3.4.

Regards
Henrik
Received on Wed Aug 19 2009 - 10:23:51 MDT
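
The dst versus dstdomain advice from the reply above, as an added squid.conf example that is not part of the original thread or of either poster's configuration. The site name www.example.com, the origin address 192.0.2.10 and the peer name origin are constructed placeholders.

```conf
# Added example. Constructed values: www.example.com (public site name),
# 192.0.2.10 (origin server), "origin" (cache_peer name).

# Accelerator port; vhost makes Squid take the site name from the Host header.
http_port 1.2.3.4:80 accel vhost

# The real web server behind the accelerator.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=origin

# Weak form: dst matches on the address the requested host name resolves to.
# Any name whose DNS record points at 1.2.3.4 passes, including names
# registered by a third party, and the check needs a DNS lookup that
# fails for sites not registered in DNS.
#acl our_sites dst 1.2.3.4

# Preferred form: dstdomain matches the host name taken from the request
# itself, so no DNS lookup is involved and only the listed names pass.
acl our_sites dstdomain www.example.com

# Serve only the listed site names; refuse everything else.
http_access allow our_sites
http_access deny all

# Forward to the origin server only for the listed site names.
cache_peer_access origin allow our_sites
cache_peer_access origin deny all
```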
