[squid-users] host_verify_strict is not working as expected
Sachin Gupta
sachingupta at salesforce.com
Mon Aug 2 06:12:50 UTC 2021
Hi All
I am using Squid version 4.9. I set host_verify_strict to on. As per the
documentation at
http://www.squid-cache.org/Doc/config/host_verify_strict
the request should fail if the Host header is different from the URI.
I used this request and Squid allowed it, though as per the
documentation it should have returned 409. Can someone help? Logs are below.
curl -vvx 127.0.0.1:8080 -H "Host: https://route53.amazonaws.com" https://ec2.amazonaws.com
* About to connect() to proxy 127.0.0.1 port 8080 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
* Establish HTTP proxy tunnel to ec2.amazonaws.com:443
> CONNECT ec2.amazonaws.com:443 HTTP/1.1
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
> Host: https://route53.amazonaws.com
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=ec2.us-east-1.amazonaws.com
* start date: Jan 08 00:00:00 2021 GMT
* expire date: Jan 07 23:59:59 2022 GMT
* common name: ec2.us-east-1.amazonaws.com
* issuer: CN=Amazon,OU=Server CA 1B,O=Amazon,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Accept: */*
> Host: https://route53.amazonaws.com
>
< HTTP/1.1 400 Bad Request
< Transfer-Encoding: chunked
< Date: Mon, 02 Aug 2021 06:07:25 GMT
< Connection: close
< Server: AmazonEC2
Thanks
Sachin
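
An added example, not part of the original post and not Squid's own code: a stand-alone Python check that compares the Host header of a raw request head with the authority named in its request-target. It is run over the two request heads from the curl trace above plus two constructed variants; the function names and the match / mismatch / malformed / no-authority labels are assumptions of this example.

```python
from urllib.parse import urlsplit
DEFAULT_PORTS = {"http": 80, "https": 443}

def split_hostport(value):
    """Parse a bare 'host[:port]' value; port is None when absent."""
    if not value or any(c in value for c in "/@ "):
        raise ValueError("not a bare host[:port]: %r" % value)
    parts = urlsplit("//" + value)
    if not parts.hostname:
        raise ValueError("no host in %r" % value)
    return parts.hostname.rstrip("."), parts.port  # .port raises on a bad port

def target_authority(method, target):
    """Authority named by the request-target, or None for origin-form."""
    if method.upper() == "CONNECT":          # authority-form: host:port
        return split_hostport(target)
    parts = urlsplit(target)
    if parts.scheme and parts.hostname:      # absolute-form: scheme://host[:port]/...
        port = parts.port or DEFAULT_PORTS.get(parts.scheme.lower())
        return parts.hostname.rstrip("."), port
    return None

def check_request(head):
    """Classify one raw request head: match, mismatch, malformed or no-authority."""
    lines = head.strip().splitlines()
    method, target, _version = lines[0].split()
    hosts = [l.split(":", 1)[1].strip() for l in lines[1:]
             if l.lower().startswith("host:")]
    if len(hosts) != 1:
        return "malformed"                   # missing or repeated Host header
    try:
        host = split_hostport(hosts[0])
        want = target_authority(method, target)
    except ValueError:
        return "malformed"                   # Host or target is not a valid authority
    if want is None:
        return "no-authority"                # origin-form target: nothing to compare
    if want[0] != host[0] or (host[1] is not None and host[1] != want[1]):
        return "mismatch"
    return "match"

# The two request heads shown in the post's curl trace.
POST_CONNECT = "CONNECT ec2.amazonaws.com:443 HTTP/1.1\r\nHost: https://route53.amazonaws.com\r\n\r\n"
POST_GET = "GET / HTTP/1.1\r\nHost: https://route53.amazonaws.com\r\n\r\n"
# Constructed variants for comparison (not from the post).
BARE_OTHER = "CONNECT ec2.amazonaws.com:443 HTTP/1.1\r\nHost: route53.amazonaws.com\r\n\r\n"
BARE_SAME = "CONNECT ec2.amazonaws.com:443 HTTP/1.1\r\nHost: EC2.amazonaws.com:443\r\n\r\n"
if __name__ == "__main__":
    for h in (POST_CONNECT, POST_GET, BARE_OTHER, BARE_SAME): print(check_request(h))
```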