[squid-dev] ERR_CONFLICT_HOST for HTTP CONNECT request on port 80

Amos Jeffries squid3 at treenet.co.nz
Fri Mar 4 06:34:59 UTC 2022


On 4/03/22 09:55, YFone Ling wrote:
> My application sends  HTTP CONNECT requests to a HTTP proxy port 80, but 
> gets a squid ERR_CONFLICT_HOST error page.
> 

Why?

  CONNECT is a method reserved for use when talking to a 
forward/explicit-proxy.

  Port 80 is a port reserved for origin servers or reverse-proxy (not 
forward-proxy).



> Is the following code really working as the comments pointed out "ignore 
> them" since the following if condition is "http->request->method != 
> Http::METHOD_CONNECT"
> and the rest has been blocked by error page 
> "repContext->setReplyToError(ERR_CONFLICT_HOST, Http::scConflict,"?
> 
> Does "ignore them" mean block them?


Essentially yes. Squid will not continue processing of these requests. 
All that is left is to inform the client.


> void
> 	ClientRequestContext::hostHeaderVerifyFailed(const char *A, const char *B)
> 	{
> 	// IP address validation for Host: failed. Admin wants to ignore them.
> 	// NP: we do not yet handle CONNECT tunnels well, so ignore for them
> 	if (!Config.onoff.hostStrictVerify && http->request->method != 


> 
> How does the squid get "hostHeaderVerifyFailed" for a normal HTTP 
> CONNECT request to a HTTP Proxy as simple as below?
> 


Host header verify is not not performed for "request to a HTTP Proxy". 
It only applies by default to origin-server traffic. So something in 
your setup is not right.

What are your squid.conf http_port lines ?


Amos


More information about the squid-dev mailing list