[squid-users] Overwrite an URL containing an IP when it is requested with a custom Host header
Amos Jeffries
squid3 at treenet.co.nz
Thu Oct 17 08:31:18 UTC 2019
On 17/10/19 7:20 am, Alex Rousskov wrote:
> On 10/16/19 1:12 PM, jl wrote:
>
>> It's possible to configure Squid to overwrite an URL containing an IP when
>> it is requested with a custom Host header passed by the client when the Host
>> header resolves to the IP in the URL?
>
> You can probably accomplish the above using a URL rewriting helper or an
> adaptation service. Those things can receive requested headers, do DNS
> lookups, and rewrite URLs as needed.
>
> If the IP and host values can be hard-coded into Squid configuration,
> then it might be possible to accomplish what you want using Squid
> configuration alone (e.g., via a dedicated cache_peer originserver
> setting), but I am not sure.
>
> Alex.
>
>
>> For example for this:
>> curl -v -k -x IP:PORT http://34.201.191.134/headers -H "Host: httpbin.org"
>>
>> to return:
>>
>> "headers": {
>> "Accept": "*/*",
>> "Host": "httpbin.org",
>> "User-Agent": "curl/7.58.0"
>> }
>>
>> instead of:
>>
>> "headers": {
>> "Accept": "*/*",
>> "Host": "34.201.191.134",
>> "If-Modified-Since": "Wed, 16 Oct 2019 16:08:42 GMT",
>> "User-Agent": "curl/7.58.0"
>> }
Please be aware that a client sending that combination of absolute-URL
and mismatching Host header is one of three things:
1) a malware attack
2) broken client software
3) a proxy attempting to avoid producing errors while still protecting
against the above. eg interception proxy receiving suspected
CVE-2009-0801 attack traffic.
>>
>> Or for this:
>> curl -v -k -x IP:PORT http://192.121.151.106/doc/search/ -H "Host:
>> erlang.org"
>>
>> to return "HTTP/1.1 200 OK" instead of "HTTP/1.1 404 Not Found"
That one is not a good idea. The origin server is producing that 404,
nothing to do with Squid.
Amos
More information about the squid-users
mailing list