[squid-users] Started testing squid-6.0.0-20210204-r5f37a71ac

Alex Rousskov rousskov at measurement-factory.com
Mon Feb 15 19:02:32 UTC 2021


On 2/15/21 6:32 AM, Eliezer Croitoru wrote:

> Where exactly do you see Host Header Forgery in my last email?

Your last email says "google hosts". The previous email from you (in the
same thread) said "Most of the issues I see are related to Host header
forgery detection" and then named "google host related issue" to be "the
main issue". I naturally assumed that you are talking about a set of
Host forgery related issues with one specific Host forgery detection
issue being the prevalent/major one.

If my assumption was wrong, then you have not addressed the problem I
stated in my very first response -- I still do not know what "google
host related issue" is. The cache.log lines you have posted do not
answer that question for me. You seem to know what the problem actually
is, so, if you want answers, perhaps you can detail/explain the problem
you are asking about.

Alex.


> -----Original Message-----
> From: Alex Rousskov <rousskov at measurement-factory.com> 
> Sent: Thursday, February 11, 2021 7:02 PM
> To: Eliezer Croitoru <ngtech1ltd at gmail.com>; squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Started testing squid-6.0.0-20210204-r5f37a71ac
> 
> On 2/11/21 10:41 AM, Eliezer Croitoru wrote:
> 
>> The issue that makes it's impossible to surf not to cache.
>> The 
>>> 2021/02/07 19:46:07 kid1| ERROR: failure while accepting a TLS
>>> connection on conn2195 local=216.58.198.67:443
>>> remote=192.168.189.94:41724 FD 104 flags=33: 0x55cf6a6debe0*1
>>>
>>>     current master transaction: master78
>>>
>>> which is a google host related issue.
>>
>> The access to google hosts seems to be the main issue here.
> 
> How is this different from the host forgery related discussions we
> recently had? I consider the general "What can we do about host forgery
> errors?"  question answered already. If you disagree with those answers,
> we can discuss further, but, to make progress, you need to say
> explicitly which answer you disagree with and why.
> 
> Alex.
> 
> 
>> -----Original Message-----
>> From: Alex Rousskov <rousskov at measurement-factory.com> 
>> Sent: Tuesday, February 9, 2021 11:03 PM
>> To: Eliezer Croitoru <ngtech1ltd at gmail.com>;
>> squid-users at lists.squid-cache.org
>> Subject: Re: [squid-users] Started testing squid-6.0.0-20210204-r5f37a71ac
>>
>> On 2/7/21 12:47 PM, Eliezer Croitoru wrote:
>>> I move on to testing squid-6.0.0-20210204-r5f37a71ac
>>>
>>> Most of the issues I see are related to Host header forgery detection.
>>>
>>> I do see that the main issue with TLS is similar to:
>>>
>>> 2021/02/07 19:46:07 kid1| ERROR: failure while accepting a TLS
>>> connection on conn2195 local=216.58.198.67:443
>>> remote=192.168.189.94:41724 FD 104 flags=33: 0x55cf6a6debe0*1
>>>
>>>     current master transaction: master78
>>>
>>> which is a google host related issue.
>>
>>
>>> Alex and Amos,
>>>
>>> Can the project do something about this?
>>  FWIW, I do not understand what you are asking about -- it is not clear
>> to me what "this" is in the context of your question. As you know, there
>> have been several recent discussions about host header forgery detection
>> problems. It is not clear to me whether you are asking about some
>> specific new case or want to revisit some specific aspects of those
>> discussions.
>>
>> Alex.
>>



More information about the squid-users mailing list