[squid-users] Squid 4.x and Peek and Splice - Host Header Forgery
John Wright
unixdeaf at gmail.com
Tue Oct 18 13:32:47 UTC 2016
Hi,
I have a constant problem with Host header forgery detection on squid doing
peek and splice.
I see this most commonly with CDN, Amazon and microsoft due to the fact
there TTL is only 5 seconds on certain dns entries im connecting to. So
when my client connects through my squid i get host header issues due to
the contstant dns changes at these destinations.
I have ready many things online but how do i get around this. I basically
want to allow certain domains or ip subnets to not hit the host header
error (as things break at this point for me ).
Any ideas ?
One example is
sls.update.microsoft.com
Yes my client and Squid use same DNS server, i have even setup my squid as
a bind server and tried that just for fun same issue. Fact is the DNS at
these places changes so fast (5 seconds) the dns response keeps changing/
I just need these approved destinations to make it through
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161018/3ae3eac4/attachment.html>
More information about the squid-users
mailing list