[squid-users] Host header forgery policy in service provider environment
Amos Jeffries
squid3 at treenet.co.nz
Wed Jan 6 11:35:37 UTC 2016
On 6/01/2016 10:10 p.m., Garri Djavadyan wrote:
>> On 2015-12-31 00:01, Garri Djavadyan wrote:
>>> Hello Squid members and developers!
>>>
>>> First of all, I wish you a Happy New Year 2016!
>>>
>>> The current Host header forgery policy effectively prevents a cache
>>> poisoning. But also, I noticed, it deletes verified earlier cached
>>> object. Is it possible to implement more careful algorithm as an
>>> option? For example, if Squid will not delete earlier successfully
>>> verified and valid cached object and serve forged request from the
>>> cache if would be more effective and in same time secure behavior.
>>
>>
>> This seems to be describing
>> <http://bugs.squid-cache.org/show_bug.cgi?id=3940>
>>
>> So far we don't have a solution. Patches very welcome.
>>
>> Amos
>
> Amos, can recheck the bug report? I found the root cause of the problem
> and presented possible prototype solution, which solves the problem in
> my environment. Thank you in advance!
Got the bug update notice. The double-check may take a while to track
down all the side effects. Thank you very much in advance anyhow. :-)
Amos
More information about the squid-users
mailing list