From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sun, 11 Sep 2011 05:22:43 +0000 (+1200)
Subject: Docs: mention Host validation effect on url_rewrite_host_header
X-Git-Tag: take08~4^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3ce338074d18a344b0916097a91bd661aa08a19b;p=thirdparty%2Fsquid.git

Docs: mention Host validation effect on url_rewrite_host_header
---

diff --git a/src/cf.data.pre b/src/cf.data.pre
index e9ac298bc5..68ffda378c 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -3704,12 +3704,20 @@ TYPE: onoff
 DEFAULT: on
 LOC: Config.onoff.redir_rewrites_host
 DOC_START
-	By default Squid rewrites any Host: header in redirected
-	requests.  If you are running an accelerator this may
-	not be a wanted effect of a redirector.
-
+	To preserve same-origin security policies in browsers and
+	prevent Host: header forgery by redirectors Squid rewrites
+	any Host: header in redirected requests.
+	
+	If you are running an accelerator this may not be a wanted
+	effect of a redirector. This directive enables you disable
+	Host: alteration in reverse-proxy traffic.
+	
 	WARNING: Entries are cached on the result of the URL rewriting
 	process, so be careful if you have domain-virtual hosts.
+	
+	WARNING: Squid and other software verifies the URL and Host
+	are matching, so be careful not to relay through other proxies
+	or inspecting firewalls with this disabled.
 DOC_END
 
 NAME: url_rewrite_access redirector_access