[squid-users] host header forgery check in docker environment
Amos Jeffries
squid3 at treenet.co.nz
Mon Jun 18 04:13:56 UTC 2018
On 18/06/18 02:08, Kedar K wrote:
> Hello,
>
> I am hitting this issue when running squid in a docker with ssl parent
> cache_peer.
>
Can you describe that a bit clearer please? An end-client, two proxies
and origin server makes four HTTP agents involved with this traffic.
Which of those proxies (and/or server) is inside the container?
And how are you getting the traffic from the client to the first proxy?
> Host header forgery detected on local=11 72.19.0.2:443
> remote=172.19.0.1:44522
> FD 15 flags=33 (local IP does not match any domain IP)
>
> The host ip of the docker would not resolve to a domain. How to
> work-around this problem?
The agent being client for the proxy reporting this message apparently
thinks there is a origin server running at "72.19.0.2:443" hosting some
domain name. They are trying to contact that origin server.
Amos
More information about the squid-users
mailing list