[squid-dev] Allowing the admin to decide if a specific DNS+ip is ok for caching.
Eliezer Croitoru
eliezer at ngtech.co.il
Wed Jul 18 16:56:35 UTC 2018
Hey Squid-Dev's,
Currently Squid-Cache forces Host Header Forgery on http and https requests.
- https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery
Squid is working properly or "the best" when the client and the proxy use
the same DNS service.
In the past I have asked about defining a bumped connection as secured and
to disable host header forgery checks on some of these.
The conditions are:
- Squid validates that the server certificate is valid against the
local CA bundles (an admin can add or remove a certificate manually or
automatically)
- The admin defines an external tool that verifies and/or allows
host header forgery to be disabled per request.
I am in the middle of testing 4.1 and wondering what is expected from 4.1
regarding host header forgery.
Was there any change of policy?
Thanks,
Eliezer
----
Eliezer Croitoru <http://ngtech.co.il/lmgtfy/>
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20180718/7606c81c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 11308 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20180718/7606c81c/attachment-0001.png>
More information about the squid-dev
mailing list