[squid-users] Squid 4.x and Peek and Splice - Host Header Forgery
garryd at comnet.uz
garryd at comnet.uz
Tue Oct 18 18:01:47 UTC 2016
On 2016-10-18 22:42, John Wright wrote:
> Hi
>
> Replying to the list
>
> Yes i get that error on many different sites same exact error about
> host headers.
> Also if you watch the TTL on the amazonaws url i provided it changes
> from 3 to 5 to 10 seconds to 60 to 10 back and forth.
> If you go online to an dns lookup site like kloth i see via kloth 5
> seconds TTL
>
> i get a different TTL value at different times, it appears they dont
> have a set TTL but they change it often and it varies.
> Right now it appears to be a ttl of 60 seconds as you found but
> earlier and over the weekend it has shown 5 seconds and even AWS
> support verified it can vary as low as 5 seconds.
> That being said , when it is changing every 3-5 seconds which comes
> and goes , squid gives the header forgery errors as shown before.
The time interval between client's and Squid's name lookup is measured
in milliseconds. So, in most cases, the would not be false positives in
environments where same cashing DNS server is used.
That specific issue you encounter except alert messages and Squid's
inability to cache HTTP responses for "forged" HTTP requests?
More information about the squid-users
mailing list