Docs: mention Host validation effect on url_rewrite_host_header

author Amos Jeffries <squid3@treenet.co.nz>

Sun, 11 Sep 2011 05:22:43 +0000 (17:22 +1200)

committer Amos Jeffries <squid3@treenet.co.nz>

Sun, 11 Sep 2011 05:22:43 +0000 (17:22 +1200)
author Amos Jeffries <squid3@treenet.co.nz>
Sun, 11 Sep 2011 05:22:43 +0000 (17:22 +1200)
committer Amos Jeffries <squid3@treenet.co.nz>
Sun, 11 Sep 2011 05:22:43 +0000 (17:22 +1200)
diff --git a/src/cf.data.pre b/src/cf.data.pre

index e9ac298bc5410939c56b37bd813520e9d3e6f7e2..68ffda378c0d6b084501a04550c02b147f54c99b 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -3704,12 +3704,20 @@ TYPE: onoff
  DEFAULT: on
  LOC: Config.onoff.redir_rewrites_host
  DOC_START
-       By default Squid rewrites any Host: header in redirected
-       requests.  If you are running an accelerator this may
-       not be a wanted effect of a redirector.
-
+       To preserve same-origin security policies in browsers and
+       prevent Host: header forgery by redirectors Squid rewrites
+       any Host: header in redirected requests.
+       
+       If you are running an accelerator this may not be a wanted
+       effect of a redirector. This directive enables you disable
+       Host: alteration in reverse-proxy traffic.
+       
         WARNING: Entries are cached on the result of the URL rewriting
         process, so be careful if you have domain-virtual hosts.
+       
+       WARNING: Squid and other software verifies the URL and Host
+       are matching, so be careful not to relay through other proxies
+       or inspecting firewalls with this disabled.
  DOC_END
  
  NAME: url_rewrite_access redirector_access
author	Amos Jeffries <squid3@treenet.co.nz>
	Sun, 11 Sep 2011 05:22:43 +0000 (17:22 +1200)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Sun, 11 Sep 2011 05:22:43 +0000 (17:22 +1200)