diff options
| author | rofl0r <retnyg@gmx.net> | 2018-12-31 15:47:40 +0000 |
|---|---|---|
| committer | rofl0r <rofl0r@users.noreply.github.com> | 2019-12-21 00:43:45 +0000 |
| commit | f6d4da5d81694721bf50b2275621e7ce84e6da30 (patch) | |
| tree | 1874b1b9e979167074f4831f83bd58c5529a9924 /docs | |
| parent | 82e10935d2955923d419cb46ee97e0022a8dfdb0 (diff) | |
do hostname resolution only when it is absolutely necessary for ACL check
tinyproxy used to do a full hostname resolution whenever a new client
connection happened, which could cause very long delays (as reported in #198).
there's only a single place/scenario that actually requires a hostname, and
that is when an Allow/Deny rule exists for a hostname or domain, rather than
a raw IP address. since it is very likely this feature is not very widely used,
it makes absolute sense to only do the costly resolution when it is unavoidable.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/man5/tinyproxy.conf.txt.in | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/docs/man5/tinyproxy.conf.txt.in b/docs/man5/tinyproxy.conf.txt.in index afd3b6b..3e24852 100644 --- a/docs/man5/tinyproxy.conf.txt.in +++ b/docs/man5/tinyproxy.conf.txt.in @@ -196,6 +196,9 @@ The possible keywords and their descriptions are as follows: end of the client host name, i.e, this can be a full host name like `host.example.com` or a domain name like `.example.com` or even a top level domain name like `.com`. + Note that by adding a rule using a host or domain name, a costly name + lookup has to be done for every new connection, which could slow down + the service considerably. *AddHeader*:: |