<div dir="ltr">400 is returned by the destination server, not squid. Squid did not perform any validation on the host header.  As per <a href="http://www.squid-cache.org/Doc/config/host_verify_strict" target="_blank">http://www.squid-cache.org/Doc/config/host_verify_strict</a>, it should have done that and failure should have been returned by squid.<div><br></div><div>Regards</div><div>Sachin</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Aug 3, 2021 at 7:11 AM Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 2/08/21 6:12 pm, Sachin Gupta wrote:<br>
> Hi All<br>
> <br>
> I am using squid version 4.9. I did set host_verify_strict to on. As per <br>
> documentation in link <br>
> <a href="https://urldefense.com/v3/__http://www.squid-cache.org/Doc/config/host_verify_strict__;!!DCbAVzZNrAf4!Vapjg86Hjy8hbBI_mXJ-JQZ1thI84Svu6LIsVzY4dGeRPgG-Oqhf8suS82ytxtcdjVru$" rel="noreferrer" target="_blank">https://urldefense.com/v3/__http://www.squid-cache.org/Doc/config/host_verify_strict__;!!DCbAVzZNrAf4!Vapjg86Hjy8hbBI_mXJ-JQZ1thI84Svu6LIsVzY4dGeRPgG-Oqhf8suS82ytxtcdjVru$</a>  <br>
> <<a href="https://urldefense.com/v3/__http://www.squid-cache.org/Doc/config/host_verify_strict__;!!DCbAVzZNrAf4!Vapjg86Hjy8hbBI_mXJ-JQZ1thI84Svu6LIsVzY4dGeRPgG-Oqhf8suS82ytxtcdjVru$" rel="noreferrer" target="_blank">https://urldefense.com/v3/__http://www.squid-cache.org/Doc/config/host_verify_strict__;!!DCbAVzZNrAf4!Vapjg86Hjy8hbBI_mXJ-JQZ1thI84Svu6LIsVzY4dGeRPgG-Oqhf8suS82ytxtcdjVru$</a> > The request <br>
> should fail if host header is different than uri.<br>
> <br>
> I used this request and squid allowed the request though as per <br>
> documentaion, it should have returned 409. Can someone help. Logs are below.<br>
> <br>
<br>
The reason you are getting 400 is that "https://..." is not a valid <br>
syntax for Host header. Syntax checks come first, before value checks.<br>
<br>
Amos<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="https://urldefense.com/v3/__http://lists.squid-cache.org/listinfo/squid-users__;!!DCbAVzZNrAf4!Vapjg86Hjy8hbBI_mXJ-JQZ1thI84Svu6LIsVzY4dGeRPgG-Oqhf8suS82ytxqPemPUE$" rel="noreferrer" target="_blank">https://urldefense.com/v3/__http://lists.squid-cache.org/listinfo/squid-users__;!!DCbAVzZNrAf4!Vapjg86Hjy8hbBI_mXJ-JQZ1thI84Svu6LIsVzY4dGeRPgG-Oqhf8suS82ytxqPemPUE$</a> <br>
</blockquote></div>