"Elsen Marc" <[EMAIL PROTECTED]> writes:
[...]
>
> I never had this but I would suggest finding out whether you
> are dealing with cache poisoning or perhaps 'browser poisoning' due
> to cookie fiddling or whatever due to earlier visit of a malicious site.
> This could easily be done by querying the cache directly for the
> affected sites as in :

I have checked this, and for the sites that are affected (they are not
the same all the time) the expected html content (ie. the
whatever/index.html or whatnot) is replaced by a meta refresh to
coolsavings.

>
> % telnet squid_host squid_port
> GET http://www.rediff.com/ HTTP/1.0
> <double return>
>
> Verify this output and see whether this is rediff.com or 'coolsavings'.

This is exactly what happens when I find a site that is affected.

>
> Verify also, what is seen in access.log when trying this request.
> Preferably I would do this, in such cases in an 'isolated mode' on squid, meaning
> that squid is not dealing with other requests, to have a clear analysis of
> this problem.
>

I'm trying to do this now, but I haven't been able to reproduce the
problem in a controlled environment so far.

-HCP
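
The check discussed in this thread, as an added example that is not part of the original messages: it sends the same request as the telnet session to the proxy and flags any meta refresh that leaves the requested site. The function names, the sample replies and the `coolsavings.example` host are assumptions made for illustration.

```python
import re
import socket
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def fetch_via_proxy(proxy_host, proxy_port, url, timeout=10):
    """Send the same request as the telnet session and return the raw reply."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(f"GET {url} HTTP/1.0\r\n\r\n".encode("ascii"))
        chunks = []
        while chunk := s.recv(65536):
            chunks.append(chunk)
    return b"".join(chunks)

class _MetaRefresh(HTMLParser):
    """Collect the url= target of every <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";\s]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(m.group(1))

def offsite_refreshes(requested_url, raw_response):
    """Return meta-refresh targets whose host is outside the requested site."""
    parser = _MetaRefresh()
    parser.feed(raw_response.decode("latin-1"))  # header lines contain no tags
    want = urlsplit(requested_url).hostname or ""
    # Simplification: treat "www.site" and any subdomain of "site" as same-site.
    base = want[4:] if want.startswith("www.") else want
    flagged = []
    for target in parser.targets:
        host = urlsplit(urljoin(requested_url, target)).hostname or ""
        if host != base and not host.endswith("." + base):
            flagged.append(target)
    return flagged

# Constructed sample replies (not captured traffic); the redirect host is a placeholder.
POISONED = (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html><head>"
            b'<META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://coolsavings.example/">'
            b"</head></html>")
CLEAN = (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html><head>"
         b'<meta http-equiv="refresh" content="300; url=/index.html">'
         b"</head><body>front page</body></html>")
```

Running `offsite_refreshes(url, fetch_via_proxy("squid_host", squid_port, url))` over a list of affected URLs, and logging the time of each hit, gives timestamps to match against access.log.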
