<div dir="auto">Hi, Eliezer</div><div dir="auto"><br></div><div dir="auto">Thank you for replying!</div><div dir="auto"><br></div><div dir="auto">As a client app developer, my customer reports  some issues with the airline and hotel WiFi , I am not able to provide the squid.conf, neither WiFi provider won’t tell me that.</div><div dir="auto"><br></div><div dir="auto">I am here just try to understand how the squid determines host conflicts for a simple http connect proxy request?</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><br></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Mar 3, 2022 at 6:28 PM Eliezer Croitoru <<a href="mailto:ngtech1ltd@gmail.com">ngtech1ltd@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word"><div class="m_3586559682975755522WordSection1"><p class="MsoNormal">I am not sure if it’s for Squid-dev but anyway to clear out the doubts I would suggest attaching the squid.conf <br>and remember to remove any sensitive data.<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Eliezer<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">----<u></u><u></u></p><p class="MsoNormal">Eliezer Croitoru<u></u><u></u></p><p class="MsoNormal">NgTech, Tech Support<u></u><u></u></p><p class="MsoNormal">Mobile: +972-5-28704261<u></u><u></u></p><p class="MsoNormal">Email: <a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a><u></u><u></u></p></div></div><div lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word"><div class="m_3586559682975755522WordSection1"><p class="MsoNormal"><u></u> <u></u></p><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b>From:</b> squid-dev <<a href="mailto:squid-dev-bounces@lists.squid-cache.org" target="_blank">squid-dev-bounces@lists.squid-cache.org</a>> <b>On Behalf Of </b>YFone Ling<br><b>Sent:</b> Thursday, March 3, 2022 22:55<br><b>To:</b> <a href="mailto:squid-dev@lists.squid-cache.org" target="_blank">squid-dev@lists.squid-cache.org</a><br><b>Subject:</b> [squid-dev] ERR_CONFLICT_HOST for HTTP CONNECT request on port 80<u></u><u></u></p></div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">My application sends  HTTP CONNECT requests to a HTTP proxy port 80, but gets a squid ERR_CONFLICT_HOST error page.<u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Is the following code really working as the comments pointed out "ignore them" since the following if condition is "http->request->method != Http::METHOD_CONNECT"<u></u><u></u></p></div><div><p class="MsoNormal">and the rest has been blocked by error page "repContext->setReplyToError(ERR_CONFLICT_HOST, Http::scConflict,"?<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Does "ignore them" mean block them? <u></u><u></u></p><table border="0" cellspacing="0" cellpadding="0" style="background:#0d1117;border-collapse:collapse;border-spacing:0px"><tbody><tr style="box-sizing:border-box"><td style="background:transparent;padding:.75pt .75pt .75pt .75pt"></td></tr><tr style="box-sizing:border-box"><td valign="top" style="background:transparent;padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;overflow:visible" id="m_3586559682975755522gmail-LC536"><p class="MsoNormal" style="line-height:15.0pt"><span class="m_3586559682975755522gmail-pl-k"><span style="font-size:9.0pt;font-family:Consolas;color:#c9d1d9">void</span></span><span style="font-size:9.0pt;font-family:Consolas;color:#c9d1d9"><u></u><u></u></span></p></td></tr><tr style="box-sizing:border-box"><td width="50" nowrap valign="top" style="width:37.5pt;padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;min-width:50px" id="m_3586559682975755522gmail-L537"></td><td valign="top" style="padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;overflow:visible" id="m_3586559682975755522gmail-LC537"><p class="MsoNormal" style="line-height:15.0pt"><span class="m_3586559682975755522gmail-pl-en"><span style="font-size:9.0pt;font-family:Consolas;color:#c9d1d9">ClientRequestContext::hostHeaderVerifyFailed</span></span><span style="font-size:9.0pt;font-family:Consolas;color:#c9d1d9">(<span class="m_3586559682975755522gmail-pl-k">const</span> <span class="m_3586559682975755522gmail-pl-k">char</span> *A, <span class="m_3586559682975755522gmail-pl-k">const</span> <span class="m_3586559682975755522gmail-pl-k">char</span> *B)<u></u><u></u></span></p></td></tr><tr style="box-sizing:border-box"><td width="50" nowrap valign="top" style="width:37.5pt;background:transparent;padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;min-width:50px" id="m_3586559682975755522gmail-L538"></td><td valign="top" style="background:transparent;padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;overflow:visible" id="m_3586559682975755522gmail-LC538"><p class="MsoNormal" style="line-height:15.0pt"><span style="font-size:9.0pt;font-family:Consolas;color:#c9d1d9">{<u></u><u></u></span></p></td></tr><tr style="box-sizing:border-box"><td width="50" nowrap valign="top" style="width:37.5pt;padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;min-width:50px" id="m_3586559682975755522gmail-L539"></td><td valign="top" style="padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;overflow:visible" id="m_3586559682975755522gmail-LC539"><p class="MsoNormal" style="line-height:15.0pt"><span style="font-size:9.0pt;font-family:Consolas;color:#c9d1d9">    <span class="m_3586559682975755522gmail-pl-c">// IP address validation for Host: failed. Admin wants to ignore them.</span><u></u><u></u></span></p></td></tr><tr style="box-sizing:border-box"><td width="50" nowrap valign="top" style="width:37.5pt;background:transparent;padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;min-width:50px" id="m_3586559682975755522gmail-L540"></td><td valign="top" style="background:transparent;padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;overflow:visible" id="m_3586559682975755522gmail-LC540"><p class="MsoNormal" style="line-height:15.0pt"><span style="font-size:9.0pt;font-family:Consolas;color:#c9d1d9">    <span class="m_3586559682975755522gmail-pl-c">// NP: we do not yet handle CONNECT tunnels well, so ignore for them</span><u></u><u></u></span></p></td></tr><tr style="box-sizing:border-box"><td width="50" nowrap valign="top" style="width:37.5pt;padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;min-width:50px" id="m_3586559682975755522gmail-L541"></td><td valign="top" style="padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;overflow:visible" id="m_3586559682975755522gmail-LC541"><p class="MsoNormal" style="line-height:15.0pt"><span style="font-size:9.0pt;font-family:Consolas;color:#c9d1d9">    <span class="m_3586559682975755522gmail-pl-k">if</span> (!Config.<span class="m_3586559682975755522gmail-pl-smi">onoff</span>.<span class="m_3586559682975755522gmail-pl-smi">hostStrictVerify</span> && http-><span class="m_3586559682975755522gmail-pl-smi">request</span>-><span class="m_3586559682975755522gmail-pl-smi">method</span> != Http::METHOD_CONNECT) {<u></u><u></u></span></p></td></tr><tr style="box-sizing:border-box"><td width="50" nowrap valign="top" style="width:37.5pt;background:transparent;padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;min-width:50px" id="m_3586559682975755522gmail-L542"></td><td valign="top" style="background:transparent;padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;overflow:visible" id="m_3586559682975755522gmail-LC542"><p class="MsoNormal" style="line-height:15.0pt"><span style="font-size:9.0pt;font-family:Consolas;color:#c9d1d9">        <span class="m_3586559682975755522gmail-pl-c1">debugs</span>(<span class="m_3586559682975755522gmail-pl-c1">85</span>, <span class="m_3586559682975755522gmail-pl-c1">3</span>, <span class="m_3586559682975755522gmail-pl-pds">"</span><span class="m_3586559682975755522gmail-pl-s">SECURITY ALERT: Host header forgery detected on </span><span class="m_3586559682975755522gmail-pl-pds">"</span> << http-><span class="m_3586559682975755522gmail-pl-c1">getConn</span>()-><span class="m_3586559682975755522gmail-pl-smi">clientConnection</span> <<<u></u><u></u></span></p></td></tr><tr style="box-sizing:border-box"><td width="50" nowrap valign="top" style="width:37.5pt;padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;min-width:50px" id="m_3586559682975755522gmail-L543"></td><td valign="top" style="padding:0in 7.5pt 0in 7.5pt;box-sizing:border-box;overflow:visible" id="m_3586559682975755522gmail-LC543"><p class="MsoNormal" style="line-height:15.0pt"><span style="font-size:9.0pt;font-family:Consolas;color:#c9d1d9">               <span class="m_3586559682975755522gmail-pl-pds">"</span><span class="m_3586559682975755522gmail-pl-s"> (</span><span class="m_3586559682975755522gmail-pl-pds">"</span> << A << <span class="m_3586559682975755522gmail-pl-pds">"</span><span class="m_3586559682975755522gmail-pl-s"> does not match </span><span class="m_3586559682975755522gmail-pl-pds">"</span> << B << <span class="m_3586559682975755522gmail-pl-pds">"</span><span class="m_3586559682975755522gmail-pl-s">) on URL: </span><span class="m_3586559682975755522gmail-pl-pds">"</span> << http-><span class="m_3586559682975755522gmail-pl-smi">request</span>-><span class="m_3586559682975755522gmail-pl-c1">effectiveRequestUri</span>());<u></u><u></u></span></p></td></tr><tr style="box-sizing:border-box"><td style="background:transparent;padding:.75pt .75pt .75pt .75pt"></td><td style="background:transparent;padding:.75pt .75pt .75pt .75pt"></td></tr></tbody></table></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><div><p class="MsoNormal">How does the squid get "hostHeaderVerifyFailed" for a normal HTTP CONNECT request to a HTTP Proxy as simple as below?<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><blockquote style="margin-left:30.0pt;margin-right:0in"><div><p class="MsoNormal">CONNECT <a href="http://www.zscaler.com:80" target="_blank">www.zscaler.com:80</a> HTTP/1.1<u></u><u></u></p></div><div><p class="MsoNormal">Host: <a href="http://www.zscaler.com:80" target="_blank">www.zscaler.com:80</a><u></u><u></u></p></div><div><p class="MsoNormal">User-Agent: Windows Microsoft Windows 10 Enterprise ZTunnel/1.0<u></u><u></u></p></div><div><p class="MsoNormal">Proxy-Connection: keep-alive<u></u><u></u></p></div><div><p class="MsoNormal">Connection: keep-alive<u></u><u></u></p></div></blockquote><div><p class="MsoNormal"><u></u> <u></u></p></div></div><blockquote style="margin-left:30.0pt;margin-right:0in"><div><div><p class="MsoNormal">HTTP/1.1 409 Conflict<u></u><u></u></p></div></div><div><div><p class="MsoNormal">Server: squid<u></u><u></u></p></div></div><div><div><p class="MsoNormal">Mime-Version: 1.0<u></u><u></u></p></div></div><div><div><p class="MsoNormal">Date: Tue, 22 Feb 2022 20:59:42 GMT<u></u><u></u></p></div></div><div><div><p class="MsoNormal">Content-Type: text/html;charset=utf-8<u></u><u></u></p></div></div><div><div><p class="MsoNormal">Content-Length: 2072<u></u><u></u></p></div></div><div><div><p class="MsoNormal">X-Squid-Error: ERR_CONFLICT_HOST 0<u></u><u></u></p></div></div><div><div><p class="MsoNormal">Vary: Accept-Language<u></u><u></u></p></div></div><div><div><p class="MsoNormal">Content-Language: en<u></u><u></u></p></div></div><div><div><p class="MsoNormal">X-Cache: MISS from 3<u></u><u></u></p></div></div><div><div><p class="MsoNormal">Via: 1.1 3 (squid)<u></u><u></u></p></div></div><div><div><p class="MsoNormal">Connection: keep-alive<u></u><u></u></p></div></div></blockquote><div><p class="MsoNormal"><u></u> <u></u></p></div><blockquote style="margin-left:30.0pt;margin-right:0in"><div><p class="MsoNormal"></head><body id=ERR_CONFLICT_HOST><u></u><u></u></p></div><div><p class="MsoNormal"><div id="titles"><u></u><u></u></p></div><div><p class="MsoNormal"><h1>ERROR</h1><u></u><u></u></p></div><div><p class="MsoNormal"><h2>The requested URL could not be retrieved</h2><u></u><u></u></p></div><div><p class="MsoNormal"></div><u></u><u></u></p></div><div><p class="MsoNormal"><hr><u></u><u></u></p></div></blockquote><div><p class="MsoNormal"><u></u> <u></u></p></div><blockquote style="margin-left:30.0pt;margin-right:0in"><div><p class="MsoNormal"><div id="content"><u></u><u></u></p></div><div><p class="MsoNormal"><p>The following error was encountered while trying to retrieve the URL: <a href="<a href="http://www.zscaler.com:80" target="_blank">www.zscaler.com:80</a>"><a href="http://www.zscaler.com:80" target="_blank">www.zscaler.com:80</a></a></p><u></u><u></u></p></div><div><p class="MsoNormal">......<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div></blockquote><div><p class="MsoNormal">Thank you for any help on the understanding!<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Paul Ling<u></u><u></u></p></div></div></div></div></blockquote></div></div>