From f6d4da5d81694721bf50b2275621e7ce84e6da30 Mon Sep 17 00:00:00 2001
From: rofl0r <retnyg@gmx.net>
Date: Mon, 31 Dec 2018 15:47:40 +0000
Subject: do hostname resolution only when it is absolutely necessary for ACL
 check

tinyproxy used to do a full hostname resolution whenever a new client
connection happened, which could cause very long delays (as reported in #198).

there's only a single place/scenario that actually requires a hostname, and
that is when an Allow/Deny rule exists for a hostname or domain, rather than
a raw IP address. since it is very likely this feature is not very widely used,
it makes absolute sense to only do the costly resolution when it is unavoidable.
---
 docs/man5/tinyproxy.conf.txt.in | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'docs/man5')

diff --git a/docs/man5/tinyproxy.conf.txt.in b/docs/man5/tinyproxy.conf.txt.in
index afd3b6b..3e24852 100644
--- a/docs/man5/tinyproxy.conf.txt.in
+++ b/docs/man5/tinyproxy.conf.txt.in
@@ -196,6 +196,9 @@ The possible keywords and their descriptions are as follows:
     end of the client host name, i.e, this can be a full host name
     like `host.example.com` or a domain name like `.example.com` or
     even a top level domain name like `.com`.
+    Note that by adding a rule using a host or domain name, a costly name
+    lookup has to be done for every new connection, which could slow down
+    the service considerably.
 
 *AddHeader*::
 
-- 
cgit v1.2.3