[squid-users] Host header forgery policy in service provider environment
Garri Djavadyan
garryd at comnet.uz
Wed Jan 6 09:10:24 UTC 2016
>On 2015-12-31 00:01, Garri Djavadyan wrote:
>> Hello Squid members and developers!
>>
>> First of all, I wish you a Happy New Year 2016!
>>
>> The current Host header forgery policy effectively prevents a cache
>> poisoning. But also, I noticed, it deletes verified earlier cached
>> object. Is it possible to implement more careful algorithm as an
>> option? For example, if Squid will not delete earlier successfully
>> verified and valid cached object and serve forged request from the
>> cache if would be more effective and in same time secure behavior.
>
>
>This seems to be describing
><http://bugs.squid-cache.org/show_bug.cgi?id=3940>
>
>So far we don't have a solution. Patches very welcome.
>
>Amos
Amos, can recheck the bug report? I found the root cause of the problem
and presented possible prototype solution, which solves the problem in
my environment. Thank you in advance!
More information about the squid-users
mailing list