[squid-users] host header forgery check in docker environment

Amos Jeffries squid3 at treenet.co.nz
Mon Jun 18 04:13:56 UTC 2018

On 18/06/18 02:08, Kedar K wrote:
> Hello,
> I am hitting this issue when running squid in a docker with ssl parent
> cache_peer.

Can you describe that a bit clearer please? An end-client, two proxies
and origin server makes four HTTP agents involved with this traffic.

 Which of those proxies (and/or server) is inside the container?

 And how are you getting the traffic from the client to the first proxy?

> Host header forgery detected on local=11
> remote= 
> FD 15 flags=33 (local IP does not match any domain IP)
> ​The host ip of the docker would not resolve to a domain. How to
> work-around this problem?​

The agent being client for the proxy reporting this message apparently
thinks there is a origin server running at "" hosting some
domain name. They are trying to contact that origin server.


More information about the squid-users mailing list