Host verify: do not pinn destination IP if URL re-write has been done.

author Amos Jeffries <squid3@treenet.co.nz>

Mon, 10 Oct 2011 11:54:04 +0000 (05:54 -0600)

committer Amos Jeffries <squid3@treenet.co.nz>

Mon, 10 Oct 2011 11:54:04 +0000 (05:54 -0600)
author Amos Jeffries <squid3@treenet.co.nz>
Mon, 10 Oct 2011 11:54:04 +0000 (05:54 -0600)
committer Amos Jeffries <squid3@treenet.co.nz>
Mon, 10 Oct 2011 11:54:04 +0000 (05:54 -0600)
diff --git a/src/forward.cc b/src/forward.cc

index cb52ffa612385ab24493e8e47cf5feaf549e4e20..5e24d333b11ada802b08f72e48474d79a8de2da0 100644 (file)
--- a/src/forward.cc
+++ b/src/forward.cc
@@ -120,7 +120,7 @@ void FwdState::start(Pointer aSelf)
      // Bug 3243: CVE 2009-0801
      // Bypass of browser same-origin access control in intercepted communication
      // To resolve this we must force DIRECT and only to the original client destination.
-    if (Config.onoff.client_dst_passthru && request &&
+    if (Config.onoff.client_dst_passthru && request && !request->flags.redirected &&
              (request->flags.intercepted || request->flags.spoof_client_ip)) {
          Comm::ConnectionPointer p = new Comm::Connection();
          p->remote = clientConn->local;
author	Amos Jeffries <squid3@treenet.co.nz>
	Mon, 10 Oct 2011 11:54:04 +0000 (05:54 -0600)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Mon, 10 Oct 2011 11:54:04 +0000 (05:54 -0600)