Date: Wed, 8 Apr 1998 09:00:58 +0200 (SAT) From: S White <swhite@gov.za> To: Tom <tom@uniserve.com> Cc: "Daniel O'Connor" <doconnor@gsoft.com.au>, Ruslan Ermilov <ru@ucb.crimea.ua>, freebsd-stable@FreeBSD.ORG Subject: Re: Simple IPFW question Message-ID: <Pine.BSF.3.96.980408085451.18999B-100000@ns2.x-link.ml.org> In-Reply-To: <Pine.BSF.3.96.980407181334.29136D-100000@shell.uniserve.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 7 Apr 1998, Tom wrote: > In httpd acceleration mode, squid is designed to accelerate access to a > particular http server which you must define: > > # If you want to run squid as an httpd accelerator, define the > # host name and port number where the real HTTP server is. Squid can also act as a transparent proxy for multiple web servers quite happily with some tweaking. Been there, done that, love the T-shirt... # TAG: httpd_accel_uses_host_header # HTTP/1.1 requests include a Host: header which is basically the # hostname from the URL. Squid can be an accelerator for # different HTTP servers by looking at this header. However, # Squid does NOT check the value of the Host header, so it opens # a big security hole. We recommend that this option remain # disabled unless you are sure of what you are doing. # httpd_accel_uses_host_header on Since this isn't really a -stable issue, this will be my first and last posting to the list on this issue... we can take it elsewhere if desired. *grin* Regards, - Sean. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980408085451.18999B-100000>