<div dir="ltr"><div>My application sends HTTP CONNECT requests to an HTTP proxy on port 80, but gets a Squid ERR_CONFLICT_HOST error page.</div><div><br></div><div>Is the following code really working as the comments pointed out, "ignore them", since the following if condition is "http-&gt;request-&gt;method != Http::METHOD_CONNECT"</div><div>and the rest has been blocked by the error page "repContext-&gt;setReplyToError(ERR_CONFLICT_HOST, Http::scConflict,"?</div><div><br></div><div>Does "ignore them" mean block them?</div>
<pre>void
ClientRequestContext::hostHeaderVerifyFailed(const char *A, const char *B)
{
    // IP address validation for Host: failed. Admin wants to ignore them.
    // NP: we do not yet handle CONNECT tunnels well, so ignore for them
    if (!Config.onoff.hostStrictVerify &amp;&amp; http-&gt;request-&gt;method != Http::METHOD_CONNECT) {
        debugs(85, 3, "SECURITY ALERT: Host header forgery detected on " &lt;&lt; http-&gt;getConn()-&gt;clientConnection &lt;&lt;
               " (" &lt;&lt; A &lt;&lt; " does not match " &lt;&lt; B &lt;&lt; ") on URL: " &lt;&lt; http-&gt;request-&gt;effectiveRequestUri());</pre>
<div><br></div><div>How does Squid get "hostHeaderVerifyFailed" for a normal HTTP CONNECT request to an HTTP proxy as simple as the one below?</div><div><br></div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px"><pre>CONNECT www.zscaler.com:80 HTTP/1.1
Host: www.zscaler.com:80
User-Agent: Windows Microsoft Windows 10 Enterprise ZTunnel/1.0
Proxy-Connection: keep-alive
Connection: keep-alive</pre></blockquote>
<div><br></div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px"><pre>HTTP/1.1 409 Conflict
Server: squid
Mime-Version: 1.0
Date: Tue, 22 Feb 2022 20:59:42 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 2072
X-Squid-Error: ERR_CONFLICT_HOST 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from 3
Via: 1.1 3 (squid)
Connection: keep-alive

&lt;/head&gt;&lt;body id=ERR_CONFLICT_HOST&gt;
&lt;div id="titles"&gt;
&lt;h1&gt;ERROR&lt;/h1&gt;
&lt;h2&gt;The requested URL could not be retrieved&lt;/h2&gt;
&lt;/div&gt;
&lt;hr&gt;

&lt;div id="content"&gt;
&lt;p&gt;The following error was encountered while trying to retrieve the URL: &lt;a href="www.zscaler.com:80"&gt;www.zscaler.com:80&lt;/a&gt;&lt;/p&gt;
......</pre></blockquote>
<div><br></div><div>Thank you for any help on the understanding!</div><div><br></div><div>Paul Ling</div></div>