[squid-users] More host header forgery pain with peek/splice

Amos Jeffries squid3 at treenet.co.nz
Mon Sep 5 11:02:06 UTC 2016


On 5/09/2016 11:35 a.m., Marcus Kool wrote:
> Thanks for your reply.
> 
> The 13-year old child in me says "I want it fixed yesterday"
> since false positives are very painful and cannot always
> be prevented since the environment where Squid works is
> not always that easy to control.
> 
> You mentioned earlier that a fix will probably go in squid 5
> which is long due and there is no workaround.  A second
> thought is to have an acl that determines for which domains
> the check must be skipped, but this is not optimal since
> the admin gains an extra job.
> 
> My vote goes to re-prioritizing the fix and put it in Squid 4.
> Of course I have no idea about the implications.

Resources to work on it would be very welcome. I still think it will
take too long to go into Squid-4 though, since 4.1 is already overdue
for release.

Amos



More information about the squid-users mailing list