[squid-users] squid 4.1 and domain fronting

Gordon Hsiao capcoding at gmail.com
Sat Jul 21 21:10:46 UTC 2018


I just read "RFC 2616 compliant proxy will rewrite the Host header making
it impossible to do domain fronting over HTTP or where SSL/TLS interception
is taking place", also checked RFC 2616 page at squid site, it is unclear
to me that if squid can enforce host-header consistence with SNI to avoid
domain fronting whenever needed? or this should be done by
c-icap/redirector under peek+bump mode?

Gordon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180721/61fd4f40/attachment.html>


More information about the squid-users mailing list