Prevents more posibilities for data leakage by making the default
surrogate ID based on visible_hostname (public FQDN for the proxy).
Now that Surrogate_Capability: header is sent by default in accelerator
environments it makes more sense to default it to a value fairly unique
or at least restricted to that local administrative domain.
When visible_hostname is setup correctly (either automatic or manual)
each stand-alone squid install should have a unique ID. Groups of proxies
sharing work for a domain should also be by default sharing an ID and
thus sharing the override behavior.
When visible_hostname is unavailable it will retain the old default of
'unset-id'.
uniqueHostname(),
visible_appname_string);
+ /* Use visible_hostname as default surrogate_id */
+ if (!Config.Accel.surrogate_id) {
+ const char *t = getMyHostname();
+ Config.Accel.surrogate_id = xstrdup( (t?t:"unset-id") );
+ }
+
if (!Config.udpMaxHitObjsz || Config.udpMaxHitObjsz > SQUID_UDP_SO_SNDBUF)
Config.udpMaxHitObjsz = SQUID_UDP_SO_SNDBUF;
NAME: httpd_accel_surrogate_id
TYPE: string
+DEFAULT: none
LOC: Config.Accel.surrogate_id
-DEFAULT: unset-id
DOC_START
Surrogates (http://www.esi.org/architecture_spec_1.0.html)
need an identification token to allow control targeting. Because
a farm of surrogates may all perform the same tasks, they may share
an identification token.
+
+ The default ID is the visible_hostname
DOC_END
NAME: http_accel_surrogate_remote
projects / thirdparty / squid.git / commitdiff
