Named listen addresses in VCL
Poul-Henning Kamp
phk at phk.freebsd.dk
Mon Jul 4 17:21:01 CEST 2016
--------
In message <CABoVN9C6D2WwzYLaC0OzD146Gpi_oQ2Vt-G2oGg81Ko3tqrc_Q at mail.gmail.com>, Dridi Boukelmoune writes:
>Inspired by stevedore names that (if I understood correctly) are now
>properly checked at vcc time, I'd like to add names to -a options too
>and introduce a new field in server too.
TCP/IP doesn't really work that way, in particular people forget that
packets may take different routes forth and back.
As best as I can tell, all your proposed uses would open you up to
rather trivial attacks, given a single compromised machine anywhere
in your DMZ.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the varnish-dev mailing list