On 24.07.2012 10:20, Joe Orton wrote:
> On Tue, Jul 24, 2012 at 07:55:27AM +0000, Plüm, Rüdiger, Vodafone Group wrote:
>> Thanks. The patch reminded me of a special situation where the patch
>> might not be suitable: If the forward proxy just forwards everything
>> to the next proxy e.g. because it cannot do DNS lookups of the target
>> URLs
>
> Exactly my thought. So in presence of a forward proxy, the "least
> worst" option is probably to omit the DNS lookup and only do the string
> comparison against the ->noproxies list? Doing a (possibly slow to
> timeout) DNS lookup just in case could impose a horrible performance
> hit.

IMHO if the admin explicitly configured an IP in the ProxyBlock list we
should nevertheless check. For this case there's already a somewhat
related warning in the docs which we could enhance for this new case.

It looks like we could check whether we have an explicit IP during
set_proxy_exclude() by comparing new->name and apr_sockaddr_ip_get() of
new->addr and later do the IP lookup for the target host only for those
rules where we had an explicit IP.

Not sure whether apr_sockaddr_ip_get() applied to the result of
apr_sockaddr_info_get() applied to an IP gives back the same IP, e.g.
when there's IPv4 and v6 involved.

Regards,

Rainer
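
The round-trip question raised in the message above, as an added example that is not part of the original mail or of the httpd source: it compares "configured string equals formatted address" against "string parses as an IP literal" for deciding whether a ProxyBlock entry is an explicit IP. It assumes POSIX inet_pton()/inet_ntop() as a stand-in for the APR calls named in the thread, and the function names and sample entries are hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Parse `name` as an IPv4 or IPv6 literal (no DNS lookup involved).
 * Returns the address family, or 0 if `name` is not a literal.
 * On success `canon` holds the text form produced by inet_ntop(). */
static int parse_ip_literal(const char *name, char *canon, socklen_t len)
{
    unsigned char buf[sizeof(struct in6_addr)];
    const int families[] = { AF_INET, AF_INET6 };

    for (size_t i = 0; i < 2; i++) {
        if (inet_pton(families[i], name, buf) == 1 &&
            inet_ntop(families[i], buf, canon, len) != NULL)
            return families[i];
    }
    return 0;
}

/* Check as proposed in the thread: the entry counts as an explicit IP
 * only if the configured string equals the formatted address. */
static int is_ip_by_roundtrip(const char *name)
{
    char canon[INET6_ADDRSTRLEN];
    return parse_ip_literal(name, canon, sizeof(canon)) != 0 &&
           strcmp(name, canon) == 0;
}

/* Alternative: the entry counts as an explicit IP whenever it parses as
 * a literal, regardless of how the admin spelled it. */
static int is_ip_by_parse(const char *name)
{
    char canon[INET6_ADDRSTRLEN];
    return parse_ip_literal(name, canon, sizeof(canon)) != 0;
}

int main(void)
{
    /* Constructed sample entries (documentation address ranges). */
    const char *samples[] = { "192.0.2.10", "2001:db8::1", "2001:DB8::1",
                              "2001:0db8:0:0:0:0:0:1", "example.com" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-24s roundtrip=%d parse=%d\n", samples[i],
               is_ip_by_roundtrip(samples[i]), is_ip_by_parse(samples[i]));
    return 0;
}
```

With the string comparison, an IPv6 entry written in upper case or with leading zeros is classified as a hostname, so a rule keyed on "explicit IP" would skip the address check for it.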