[squid-users] Redmine Bug #14390: Squid: SECURITY ALERT: Host header forgery detected

[Alex Rousskov]

On 2024-10-30 20:46, Jonathan Lee wrote:
> Hello, thank you for the update Francesso, there is also some chatter 
> about bugs within the Netgate community. Is this also related to the 
> fixes in V7 (please see Redmine attached)?

AFAICT, Redmine Bug #14390 is pretty much unrelated to "Joshua 55" 
vulnerabilities.


> This Redmine should have been more concise and simplified within its 
> notes, it seems to just generate confusion.  I do not have issues like 
> this and that is where I start to question what this is related to.  Can 
> Someone please respond to this Redmine for verification that has a 
> higher-level knowledge about Squid?

FWIW, I did not find Redmine Bug #14390 particularly confusing: Folks 
are having problems with a particular Squid functionality. Those 
problems are known within Squid community. Unfortunately, nobody who can 
address them stepped up to properly address them (so far; for various 
reasons). Comment #15 looks like an out-of-bug-scope distraction to me; 
I am not sure what should be "verified", but Redmine users are welcome 
to seek Squid help here (and some of them may have already).


> I hate to see this removed for some 
> simple reason like a PHP issue that causes configuration issues.

AFAICT, Redmine Bug #14390 is not specific to PHP clients, and there are 
no good configuration-only solutions for the problem that bug identifies.


HTH,

Alex.

> Bug #14390: Squid: SECURITY ALERT: Host header forgery detected - 
> pfSense Packages - pfSense bugtracker 
> <https://redmine.pfsense.org/issues/14390>