[squid-dev] ERR_CONFLICT_HOST for HTTP CONNECT request on port 80

YFone Ling lingyphone at gmail.com
Fri Mar 4 08:25:31 UTC 2022


Hi, Eliezer

Thank you for replying!

As a client app developer, my customer reports some issues with the
airline and hotel WiFi. I am not able to provide the squid.conf, and the
WiFi provider won’t tell me that either.

I am here just trying to understand how Squid determines host conflicts
for a simple HTTP CONNECT proxy request.

On Thu, Mar 3, 2022 at 6:28 PM Eliezer Croitoru <ngtech1ltd at gmail.com>
wrote:

> I am not sure if it’s for Squid-dev but anyway to clear out the doubts I
> would suggest attaching the squid.conf
> and remember to remove any sensitive data.
>
>
>
> Eliezer
>
>
>
> ----
>
> Eliezer Croitoru
>
> NgTech, Tech Support
>
> Mobile: +972-5-28704261
>
> Email: ngtech1ltd at gmail.com
>
>
>
> *From:* squid-dev <squid-dev-bounces at lists.squid-cache.org> *On Behalf Of
> *YFone Ling
> *Sent:* Thursday, March 3, 2022 22:55
> *To:* squid-dev at lists.squid-cache.org
> *Subject:* [squid-dev] ERR_CONFLICT_HOST for HTTP CONNECT request on port
> 80
>
>
>
> My application sends HTTP CONNECT requests to an HTTP proxy on port 80, but
> gets a squid ERR_CONFLICT_HOST error page.
>
>
>
> Is the following code really working as the comments pointed out "ignore
> them" since the following if condition is "http->request->method !=
> Http::METHOD_CONNECT"
>
> and the rest has been blocked by error page
> "repContext->setReplyToError(ERR_CONFLICT_HOST, Http::scConflict,"?
>
>
>
> Does "ignore them" mean block them?
>
> void
> ClientRequestContext::hostHeaderVerifyFailed(const char *A, const char *B)
> {
>     // IP address validation for Host: failed. Admin wants to ignore them.
>     // NP: we do not yet handle CONNECT tunnels well, so ignore for them
>     if (!Config.onoff.hostStrictVerify && http->request->method != Http::METHOD_CONNECT) {
>         debugs(85, 3, "SECURITY ALERT: Host header forgery detected on " << http->getConn()->clientConnection <<
>                " (" << A << " does not match " << B << ") on URL: " << http->request->effectiveRequestUri());
>
>
>
>
>
> How does the squid get "hostHeaderVerifyFailed" for a normal HTTP CONNECT
> request to a HTTP Proxy as simple as below?
>
>
>
> CONNECT www.zscaler.com:80 HTTP/1.1
> Host: www.zscaler.com:80
> User-Agent: Windows Microsoft Windows 10 Enterprise ZTunnel/1.0
> Proxy-Connection: keep-alive
> Connection: keep-alive
>
> HTTP/1.1 409 Conflict
> Server: squid
> Mime-Version: 1.0
> Date: Tue, 22 Feb 2022 20:59:42 GMT
> Content-Type: text/html;charset=utf-8
> Content-Length: 2072
> X-Squid-Error: ERR_CONFLICT_HOST 0
> Vary: Accept-Language
> Content-Language: en
> X-Cache: MISS from 3
> Via: 1.1 3 (squid)
> Connection: keep-alive
>
> </head><body id=ERR_CONFLICT_HOST>
> <div id="titles">
> <h1>ERROR</h1>
> <h2>The requested URL could not be retrieved</h2>
> </div>
> <hr>
>
> <div id="content">
> <p>The following error was encountered while trying to retrieve the URL: <a href="www.zscaler.com:80">www.zscaler.com:80</a></p>
> ......
>
> Thank you for any help on the understanding!
>
>
>
> Paul Ling
>