It might be a bit tricky to add without a bit of rewriting how the
virtual host support is done. Squid can be seena as a big state machine,
and state changes can't be done in all places... and a DNS lookup
requires a state change.
But yes, it should be done. But until then use ACL lists.
Packets should never be received by another interface (unless either
your DNS or TCP/IP is totally messed up). If this could happen then
virtual interfaces would not be very useful...
--- Henrik Nordström Graham Toal wrote: > However, a lower-level check is also cheap to add, and > doesn't require keeping large ACL lists: > > if virtual_host and Host: header > AND Host: header IP resolves to virtual_host IP (CNAME or A record) > use Host: header > elsif virtual > use IP addr > else > use accel prefix > > What I'm not sure about is if the packet was received on an IP > interface that was not one of the IP aliases which the virtual > host CNAME points to! (Confusing, eh?) Will this happen > often enough to be worth the extra checks?Received on Thu May 08 1997 - 15:32:41 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:09 MST