[squid-dev] ERR_CONFLICT_HOST for HTTP CONNECT request on port 80
Amos Jeffries
squid3 at treenet.co.nz
Fri Mar 4 06:34:59 UTC 2022
On 4/03/22 09:55, YFone Ling wrote:
> My application sends HTTP CONNECT requests to a HTTP proxy port 80, but
> gets a squid ERR_CONFLICT_HOST error page.
>
Why?
CONNECT is a method reserved for use when talking to a
forward/explicit-proxy.
Port 80 is a port reserved for origin servers or reverse-proxy (not
forward-proxy).
> Is the following code really working as the comments pointed out "ignore
> them" since the following if condition is "http->request->method !=
> Http::METHOD_CONNECT"
> and the rest has been blocked by error page
> "repContext->setReplyToError(ERR_CONFLICT_HOST, Http::scConflict,"?
>
> Does "ignore them" mean block them?
Essentially yes. Squid will not continue processing of these requests.
All that is left is to inform the client.
> void
> ClientRequestContext::hostHeaderVerifyFailed(const char *A, const char *B)
> {
> // IP address validation for Host: failed. Admin wants to ignore them.
> // NP: we do not yet handle CONNECT tunnels well, so ignore for them
> if (!Config.onoff.hostStrictVerify && http->request->method !=
>
> How does the squid get "hostHeaderVerifyFailed" for a normal HTTP
> CONNECT request to a HTTP Proxy as simple as below?
>
Host header verify is not not performed for "request to a HTTP Proxy".
It only applies by default to origin-server traffic. So something in
your setup is not right.
What are your squid.conf http_port lines ?
Amos
More information about the squid-dev
mailing list