[squid-users] Host header forgery policy in service provider environment
garryd at comnet.uz
garryd at comnet.uz
Fri Jan 1 18:52:35 UTC 2016
On 2015-12-31 13:31, Amos Jeffries wrote:
> On 2015-12-31 00:01, Garri Djavadyan wrote:
>> Hello Squid members and developers!
>>
>> First of all, I wish you a Happy New Year 2016!
>>
>> The current Host header forgery policy effectively prevents a cache
>> poisoning. But also, I noticed, it deletes verified earlier cached
>> object. Is it possible to implement more careful algorithm as an
>> option? For example, if Squid will not delete earlier successfully
>> verified and valid cached object and serve forged request from the
>> cache if would be more effective and in same time secure behavior.
>
>
> This seems to be describing
> <http://bugs.squid-cache.org/show_bug.cgi?id=3940>
>
> So far we don't have a solution. Patches very welcome.
>
> Amos
Amos, thank you very much, bug
<http://bugs.squid-cache.org/show_bug.cgi?id=3940> exactly the same
problem I encountered! I've tested the proposed patch and updated the
bug report.
Kind Regards,
Garri
More information about the squid-users
mailing list