[squid-dev] ERR_CONFLICT_HOST for HTTP CONNECT request on port 80

Eliezer Croitoru ngtech1ltd at gmail.com
Fri Mar 4 02:28:46 UTC 2022


I am not sure if it’s for Squid-dev but anyway to clear out the doubts I would suggest attaching the squid.conf
and remember to remove any sensitive data.

Eliezer

----
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com

From: squid-dev <squid-dev-bounces at lists.squid-cache.org> On Behalf Of YFone Ling
Sent: Thursday, March 3, 2022 22:55
To: squid-dev at lists.squid-cache.org
Subject: [squid-dev] ERR_CONFLICT_HOST for HTTP CONNECT request on port 80

 

My application sends HTTP CONNECT requests to an HTTP proxy on port 80, but gets a squid ERR_CONFLICT_HOST error page.

Is the following code really working as the comments pointed out ("ignore them"), since the following if condition is "http->request->method != Http::METHOD_CONNECT" and the rest has been blocked by the error page "repContext->setReplyToError(ERR_CONFLICT_HOST, Http::scConflict,"?

Does "ignore them" mean block them?

void
ClientRequestContext::hostHeaderVerifyFailed(const char *A, const char *B)
{
    // IP address validation for Host: failed. Admin wants to ignore them.
    // NP: we do not yet handle CONNECT tunnels well, so ignore for them
    if (!Config.onoff.hostStrictVerify && http->request->method != Http::METHOD_CONNECT) {
        debugs(85, 3, "SECURITY ALERT: Host header forgery detected on " << http->getConn()->clientConnection <<
               " (" << A << " does not match " << B << ") on URL: " << http->request->effectiveRequestUri());

How does the squid get "hostHeaderVerifyFailed" for a normal HTTP CONNECT request to an HTTP proxy as simple as below?

CONNECT www.zscaler.com:80 HTTP/1.1
Host: www.zscaler.com:80
User-Agent: Windows Microsoft Windows 10 Enterprise ZTunnel/1.0
Proxy-Connection: keep-alive
Connection: keep-alive

HTTP/1.1 409 Conflict
Server: squid
Mime-Version: 1.0
Date: Tue, 22 Feb 2022 20:59:42 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 2072
X-Squid-Error: ERR_CONFLICT_HOST 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from 3
Via: 1.1 3 (squid)
Connection: keep-alive

 

</head><body id=ERR_CONFLICT_HOST>
<div id="titles">
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
</div>
<hr>

<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a href="www.zscaler.com:80">www.zscaler.com:80</a></p>
......

Thank you for any help on the understanding!

Paul Ling
