From: Amos Jeffries
Date: Mon, 10 Oct 2011 11:54:04 +0000 (-0600)
Subject: Host verify: do not pinn destination IP if URL re-write has been done.
X-Git-Tag: BumpSslServerFirst.take01~109
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4308c678565869eb0f19f744b74e6a9fc10ffee1;p=thirdparty%2Fsquid.git

Host verify: do not pinn destination IP if URL re-write has been done.
---

diff --git a/src/forward.cc b/src/forward.cc
index cb52ffa612..5e24d333b1 100644
--- a/src/forward.cc
+++ b/src/forward.cc
@@ -120,7 +120,7 @@ void FwdState::start(Pointer aSelf)
 // Bug 3243: CVE 2009-0801
 // Bypass of browser same-origin access control in intercepted communication
 // To resolve this we must force DIRECT and only to the original client destination.
- if (Config.onoff.client_dst_passthru && request &&
+ if (Config.onoff.client_dst_passthru && request && !request->flags.redirected &&
 (request->flags.intercepted || request->flags.spoof_client_ip)) {
 Comm::ConnectionPointer p = new Comm::Connection();
 p->remote = clientConn->local;
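Review bot: The added `!request->flags.redirected` test in the `if` of this hunk exempts every re-written request from the CVE-2009-0801 destination pinning, but the three-line comment above it still says DIRECT to the original client destination "must" be forced. I would record the exception in that comment, e.g. `// Except when a URL re-writer changed the request: the re-written destination is admin policy and replaces the client dst IP.`. The exemption is only as safe as the re-writer's output. If a helper derives the new URL from the client-supplied Host header, an intercepted request would presumably be forwarded by name again, and the hunk does not show whether Host verification still covers that path, so that is worth confirming. The body of `FwdState::start` starts and ends outside the hunk.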