[squid-dev] Allowing the admin to decide if a specific DNS+ip is ok for caching.

Eliezer Croitoru eliezer at ngtech.co.il
Wed Jul 18 16:56:35 UTC 2018

Hey Squid-Dev's,


Currently Squid-Cache forces Host Header Forgery on http and https requests.

-          https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery

Squid is working properly or "the best" when the client and the proxy use
the same DNS service.

In the past I have asked about defining a bumped connection as secured and
to disable host header forgery checks on some of these.

The conditions are:

-          Squid validates that the server certificate is valid against the
local CA bundles (an admin can add or remove a certificate manually or

-          The admin defines an external tool that verifies and/or allows
host header forgery to be disabled per request.


I am in the middle of testing 4.1 and wondering what is expected from 4.1
regarding host header forgery.

Was there any change of policy?






Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> 
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20180718/7606c81c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 11308 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20180718/7606c81c/attachment-0001.png>

More information about the squid-dev mailing list