[squid-users] host header forgery false positives
Eliezer Croitoru
eliezer at ngtech.co.il
Tue Jan 12 20:49:35 UTC 2016
Hey Jason,
I think we can divide the issue into two:
- host forgery identification
- host forgery action
And you can also add intercepting compared to configured forward proxy.
If you can draw a picture of the clients and the proxy network layout we
can try somewhere.
What you are talking about is mainly due to intercepting connections and
not using a regular forward proxy.
Also, what DNS server are you using there? Do you have the queries log
enabled (like in bind)?
Can you run a "dig host" to verify what happens there, and if there are
many records in the response?
I have not used ssl-bump in intercept\tproxy mode in a very long time
but I would be happy to test a couple of things if it's easy enough. (1\2
routers + 1\2 clients win+lx)
Eliezer
On 12/01/2016 03:40, Jason Haar wrote:
> This is a bit of a show-stopper to ever using bump: having perfectly
> good websites being unavailable really isn't an option (in the case of
> "peek-and-splice" over intercepted they seem to hang forever when this
> error occurs). Perhaps an option to change its behaviour would be
> better? eg enable/disable and maybe "ignore client and use the IP
> addresses squid thinks are best" could work?
>
>
> Jason