[squid-users] host_verify_strict is not working as expected

Sachin Gupta sachingupta at salesforce.com
Tue Aug 3 02:08:27 UTC 2021


400 is returned by the destination server, not squid. Squid did not perform
any validation on the host header.  As per
http://www.squid-cache.org/Doc/config/host_verify_strict, it should have
done that and failure should have been returned by squid.

Regards
Sachin

On Tue, Aug 3, 2021 at 7:11 AM Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 2/08/21 6:12 pm, Sachin Gupta wrote:
> > Hi All
> >
> > I am using squid version 4.9. I did set host_verify_strict to on. As per
> > documentation in link
> >
> https://urldefense.com/v3/__http://www.squid-cache.org/Doc/config/host_verify_strict__;!!DCbAVzZNrAf4!Vapjg86Hjy8hbBI_mXJ-JQZ1thI84Svu6LIsVzY4dGeRPgG-Oqhf8suS82ytxtcdjVru$
>
> > <
> https://urldefense.com/v3/__http://www.squid-cache.org/Doc/config/host_verify_strict__;!!DCbAVzZNrAf4!Vapjg86Hjy8hbBI_mXJ-JQZ1thI84Svu6LIsVzY4dGeRPgG-Oqhf8suS82ytxtcdjVru$
> > The request
> > should fail if host header is different than uri.
> >
> > I used this request and squid allowed the request though as per
> > documentaion, it should have returned 409. Can someone help. Logs are
> below.
> >
>
> The reason you are getting 400 is that "https://..." is not a valid
> syntax for Host header. Syntax checks come first, before value checks.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
>
> https://urldefense.com/v3/__http://lists.squid-cache.org/listinfo/squid-users__;!!DCbAVzZNrAf4!Vapjg86Hjy8hbBI_mXJ-JQZ1thI84Svu6LIsVzY4dGeRPgG-Oqhf8suS82ytxqPemPUE$
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210803/4d43cdc6/attachment.htm>


More information about the squid-users mailing list