You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by am...@apache.org on 2014/08/06 22:38:40 UTC

[2/3] git commit: TS-2954 Document changes for use_client_target_addr

TS-2954
Document changes for use_client_target_addr


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/826310cc
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/826310cc
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/826310cc

Branch: refs/heads/master
Commit: 826310ccc517350a105ec1e9f966cc0db6124937
Parents: d10738e
Author: shinrich <sh...@network-geographics.com>
Authored: Wed Aug 6 12:24:22 2014 -0500
Committer: shinrich <sh...@network-geographics.com>
Committed: Wed Aug 6 12:24:22 2014 -0500

----------------------------------------------------------------------
 doc/reference/configuration/records.config.en.rst | 12 ++++++++++++
 1 file changed, 12 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/826310cc/doc/reference/configuration/records.config.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/configuration/records.config.en.rst b/doc/reference/configuration/records.config.en.rst
index 668c83a..01770ae 100644
--- a/doc/reference/configuration/records.config.en.rst
+++ b/doc/reference/configuration/records.config.en.rst
@@ -710,6 +710,18 @@ effective if the following three conditions are true -
 If any of these conditions are not true, then normal DNS processing
 is done for the connection.
 
+There are three valid values.
+*  0 - Disables the feature.
+*  1 - Enables the feature with address verification.  The Proxy does the 
+regular DNS processing.  If the client-specified origin address is not in the 
+set of addresses found by the Proxy, the request continues to the client
+specified address, but the result is not cached.
+*  2 - Enables the feature with no address verification.  No DNS processing
+is performed.  The result is cached (if allowed otherwise).  This option is
+vulnerable to cache poisoning if an incorrect Host header is specified, so
+this option should be used with extreme caution.  See bug TS-2954 for 
+details.
+
 If all of these conditions are met, then the origin server IP
 address is retrieved from the original client connection, rather
 than through HostDB or DNS lookup. In effect, client DNS resolution