From owner-freebsd-stable  Wed Apr  8 09:09:57 1998
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA28289
          for freebsd-stable-outgoing; Wed, 8 Apr 1998 09:09:57 -0700 (PDT)
          (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from pop.uniserve.com (pop.uniserve.com [204.244.156.3])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id JAA28073
          for <freebsd-stable@freebsd.org>; Wed, 8 Apr 1998 09:08:51 -0700 (PDT)
          (envelope-from tom@uniserve.com)
Received: from shell.uniserve.com [204.244.186.218] 
	by pop.uniserve.com with smtp (Exim 1.82 #4)
	id 0yMxN5-00030z-00; Wed, 8 Apr 1998 09:06:43 -0700
Date: Wed, 8 Apr 1998 09:06:41 -0700 (PDT)
From: Tom <tom@uniserve.com>
To: S White <swhite@gov.za>
cc: "Daniel O'Connor" <doconnor@gsoft.com.au>,
        Ruslan Ermilov <ru@ucb.crimea.ua>, freebsd-stable@FreeBSD.ORG
Subject: Re: Simple IPFW question 
In-Reply-To: <Pine.BSF.3.96.980408085451.18999B-100000@ns2.x-link.ml.org>
Message-ID: <Pine.BSF.3.96.980408090446.4924A-100000@shell.uniserve.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk


On Wed, 8 Apr 1998, S White wrote:

> On Tue, 7 Apr 1998, Tom wrote:
> 
> >   In httpd acceleration mode, squid is designed to accelerate access to a
> > particular http server which you must define:
> > 
> > #       If you want to run squid as an httpd accelerator, define the
> > #       host name and port number where the real HTTP server is.
> 
> Squid can also act as a transparent proxy for multiple web servers quite
> happily with some tweaking. Been there, done that, love the T-shirt...
> 
> #  TAG: httpd_accel_uses_host_header
> #       HTTP/1.1 requests include a Host: header which is basically the
> #       hostname from the URL.  Squid can be an accelerator for
> #       different HTTP servers by looking at this header.  However,
> #       Squid does NOT check the value of the Host header, so it opens
> #       a big security hole.  We recommend that this option remain
> #       disabled unless you are sure of what you are doing.
> #
> httpd_accel_uses_host_header on
> 
> Since this isn't really a -stable issue, this will be my first and last
> posting to the list on this issue... we can take it elsewhere if desired.
> *grin*

  But how did you convice FreeBSD ipfw/natd to intercept and divert http
traffic to such a server?

  Also, a good number of clients are HTTP/1.1 yet, so it would be nice if
the FreeBSD natd could add a Host: header to the request based on the
destination IP.

> Regards,
> - Sean.

Tom


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message