However, what gets me is all these transparent web-caches that due to their nature fail to proxy web-requests to alternative TLD sites.
At the risk of getting even more off-topic... I was under the impression that transparent in-line caches don't have to do DNS lookups at all as the web browser has already done that and tried to connect to the IP of the web site before the traffic is intercepted by the cache.
(not that I'm a big fan of transparent caches, but I've never seen them block like that)
This is not true. You should *always* do DNS lookups on all domains being requested of a web proxy. If you blindly use the IP address that has been resolved by the customer then you are opening yourself up for "cache hijacking" attacks. What's to stop me sending a request to the IP address of thehun.net with a host header of cnn.com thus forcing thehun's "interesting" content into the cache in place of cnn's "boring" content? At the very least you must make sure that the host header matches the IP address of the requested site.

Cheers.

James Tyson
---
Samizdat New Media Solutions
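
The Host-versus-destination check described in the message above, as an added example that is not part of the original post: an intercepting cache resolves the Host header itself and stores the response under that name only if the intercepted destination IP is among the answers. The function names, the verdict strings, the sample DNS table and the "forward but do not cache" policy on mismatch are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges), not real DNS answers.
SAMPLE_DNS = {"news.example": ["192.0.2.10", "192.0.2.11"]}

def sample_resolver(host):
    """Offline stand-in for DNS; raises like a failed lookup would."""
    if host not in SAMPLE_DNS:
        raise OSError("no such host")
    return SAMPLE_DNS[host]

def system_resolver(host):
    """All A/AAAA addresses the proxy's own resolver returns for host."""
    return {ai[4][0] for ai in socket.getaddrinfo(host, None)}

def host_from_header(header):
    """Drop the port and normalise case; accepts bracketed IPv6 literals."""
    h = header.strip().lower()
    if h.startswith("["):
        return h[1:h.index("]")]          # ValueError if unterminated
    return h.rsplit(":", 1)[0].rstrip(".")

def verify_intercepted(dst_ip, host_header, resolver=system_resolver):
    """Decide whether a response may be cached under the Host name."""
    try:
        dst = ipaddress.ip_address(dst_ip)
        host = host_from_header(host_header)
    except ValueError:
        return "reject", "malformed Host header or destination"
    if not host:
        return "reject", "empty Host header"
    try:
        addrs = {ipaddress.ip_address(host)}   # Host is an IP literal
    except ValueError:
        try:
            addrs = {ipaddress.ip_address(a) for a in resolver(host)}
        except (OSError, ValueError):
            return "no-cache", "Host did not resolve; forward uncached"
    if dst in addrs:
        return "cache", "destination is a current address of Host"
    # Assumed policy: a mismatch may be round-robin DNS, so forward but never store.
    return "no-cache", "Host does not resolve to the destination IP"

if __name__ == "__main__":
    for dst, hdr in [("192.0.2.10", "news.example"), ("198.51.100.7", "news.example")]:
        print(dst, hdr, verify_intercepted(dst, hdr, sample_resolver))
```

The lookup must use the cache's own resolver, never an address supplied by the client, otherwise the check verifies nothing.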