> > Not just the Squid machine but *all* the clients going through your Squid >> also have to be using the same DNS resolver for that workaround. Any of >> them using other resolvers (eg 8.8.8.8 or similar services) *will* hit >> these errors. >> > > > And this is my dns config in squid.config : >> >> # --------- DNS AND IP CACHES [4341] >> >> dns_nameservers 127.0.0.1 >> dns_v4_first on >> #original_dst off >> client_dst_passthru off >> > > The above setting is rejecting clients when the host verify fails. > TO let traffic through the proxy when host-verify fails set it back to the > default "client_dst_passthru on". > > The Host verify failure is most dangerous when cached - so that is always > prohibited. But upstream routing is difficult for Squid to determine - thus > that config option. It is left up to you whether you risk your clients > getting infected by that mechanism - Squid just minimizes the damage and > risk by limiting it to the one client making the suspicious request. > > Thanks alot for your suggestion, i thought that i made some mistake in my DNS. I will try to find out and show you the result. -- Thanks & Best Regards, -------------- Đỗ Hoàng Minh Hưng Gmail : hoangminh...@gmail.com SĐT : 01234454115
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
