Hi Squid Developers,

I am using Squid 2.5 STABLE2 on Redhat Linux. I read some mails on the squid-dev and squid-user groups regarding the DNS resolving issue of Squid in transparent mode, and that is fine.

Consider the following scenario. There are some developers developing web sites which are hosted outside the Squid cache, and they are testing them through m/c inside the Squid. This scenario can be found at many places. They have an entry "a.b.c.d my-site.com" in their /etc/hosts or <win dir>/hosts file, and my-site.com is not registered publicly. Now when this request comes to Squid in transparent mode, the destination IP address is already resolved by their m/c's respective DNS server. Squid checks it again to prevent some security holes, and when Squid tries the DNS lookup it obviously fails, because the DNS server has no entry for my-site.com.

This can be solved using the following approach: assuming DNS has failed for my-site.com, Squid gets the destination IP address from the IP header using getsockopt(), then connects to that IP address and serves the requested object. [Note: We are connecting after the DNS lookup, which is a phase in Squid after the ACL check, so all access checks have been done before this operation and the request is an allowed one.]

My question is: does this approach add any security hole or problem in Squid [assuming we are providing the necessary privileges to do getsockopt()]? And does Squid cache objects downloaded from my-site.com? If so, what will be the object key, and will it create some problem for serving a later request for my-site.com with a different IP [not a.b.c.d]?

Waiting for reply,
Atit Jariwala
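Added example, not part of the original post and not Squid's code: a sketch of the approach asked about, assuming Linux netfilter interception where the pre-NAT destination is read with getsockopt() and SO_ORIGINAL_DST. The names original_dst, classify and classify_str and the "forward but do not cache" policy are hypothetical; the policy is one way to keep a client-chosen IP from being stored under a cache key derived from the Host name.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* Linux value, from <linux/netfilter_ipv4.h> */
#endif

enum verdict { FORWARD_AND_CACHE, FORWARD_NO_CACHE };

/* Read the pre-NAT destination of an intercepted TCP connection.
 * Returns 0 on success, -1 on failure (e.g. the fd was never redirected). */
int original_dst(int client_fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
    return getsockopt(client_fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) == 0 ? 0 : -1;
}

/* resolved/n: addresses the proxy's own DNS returned for the Host name;
 * n == 0 means the lookup failed. Only a destination the proxy could
 * confirm itself may be cached under the Host-based key. */
enum verdict classify(const struct in_addr *orig, const struct in_addr *resolved, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (resolved[i].s_addr == orig->s_addr)
            return FORWARD_AND_CACHE;
    return FORWARD_NO_CACHE; /* unverifiable: serve from orig, do not store */
}

/* Wrapper taking dotted-quad strings, for the constructed samples below. */
enum verdict classify_str(const char *orig, const char *const *resolved, size_t n)
{
    struct in_addr o, r[8];
    if (n > 8 || inet_pton(AF_INET, orig, &o) != 1) return FORWARD_NO_CACHE;
    for (size_t i = 0; i < n; i++)
        if (inet_pton(AF_INET, resolved[i], &r[i]) != 1) return FORWARD_NO_CACHE;
    return classify(&o, r, n);
}

int main(void)
{
    const char *dns[] = { "198.51.100.7" }; /* constructed sample data */
    printf("verified host: %d\n", classify_str("198.51.100.7", dns, 1));
    printf("hosts-file only: %d\n", classify_str("203.0.113.5", NULL, 0));
    return 0;
}
```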
