[squid-users] Host header forgery policy in service provider environment

Amos Jeffries squid3 at treenet.co.nz
Thu Dec 31 08:31:53 UTC 2015

On 2015-12-31 00:01, Garri Djavadyan wrote:
> Hello Squid members and developers!
> First of all, I wish you a Happy New Year 2016!
> The current Host header forgery policy effectively prevents a cache
> poisoning. But also, I noticed, it deletes verified earlier cached
> object. Is it possible to implement more careful algorithm as an
> option? For example, if Squid will not delete earlier successfully
> verified and valid cached object and serve forged request from the
> cache if would be more effective and in same time secure behavior.

This seems to be describing 

So far we don't have a solution. Patches very welcome.


More information about the squid-users mailing list