James Tyson
This is not true. You should *always* do DNS lookup's on all domains being requested of a web proxy. If you blindly use the IP address that has been resolved by the customer then you are opening yourself up for "cache hijacking" attacks. What's to stop me sending a request to the IP address of thehun.net with a host header of cnn.com thus forcing thehun's "interesting" content into the cache in place of cnn's "boring" content?
At the very least you must make sure that the host header matches the IP address of the requested site.
If the destination IP address does not match any address mapped by the Host: header, one could simply treat that as a cue not to cache the downloaded page(s), and continue to the supplied IP address. That approach would also help prevent surprises in cases where DNS caching means that the client's view of a given name differs from the ISP's. -- don --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog