[squid-users] reflecting on Squid Project Status with regard to "Joshua 55" vulnerabilities

NgTech LTD ngtech1ltd at gmail.com
Thu Oct 31 21:19:21 UTC 2024


Hey Jonathan,

I cannot speak for the whole squid community, however if someone in the
pfsense community doesn't want to maintain and/or use squid it's his own
choice.
If there is an issue it can be researched, and there is so much information
about this specific "issue" that it's weird nobody bothered to respond to the
issue.

The reason for the log output is widely known and there are a couple of ways to
resolve this.
I wrote a patch to override this behaviour in the past but I am no longer
supporting this.
The main reason for me not supporting overriding this fix is that there
are many bad actors who are using squid for their own gain while
sacrificing some internet connectivity security aspects.
It is recommended to use a shared DNS service for both the clients and the
proxy server to avoid such issues.

My general recommendation is to use squid on a Linux-based OS if possible.

There are other firewall projects which might be a better choice for your
use case if you really need the proxy.
In my setup I am using MikroTik as a router and firewall for a 1gbps line
and a tiny x86 server for all other services.
It's more efficient and practical compared to Netgate in my scenario.

Yours,
Eliezer

On Thu, 31 Oct 2024, 21:32, Jonathan Lee <jonathanlee571 at gmail.com> wrote:

> Hello, thank you for the update Francesso, there is also some chatter
> about bugs within the Netgate community. Is this also related to the fixes
> in V7 (please see Redmine attached)?
>
> I admit, I have a bias and assumption that Big-Tech does not like
> Squid functional, and that most of what is listed below was done within a
> political aspect to generate a confusion within the firewall community. So
> much so that the package was considered an issue and Netgate started to
> recommend Squid's removal. I have stood by this package and continue to, as
> it works beautifully.
>
> This Redmine should have been more concise and simplified within its
> notes, it seems to just generate confusion. I do not have issues like this
> and that is where I start to question what this is related to. Can someone
> please respond to this Redmine for verification that has a higher-level
> knowledge about Squid? I hate to see this removed for some simple reason
> like a PHP issue that causes configuration issues.
>
> Bug #14390: Squid: SECURITY ALERT: Host header forgery detected - pfSense
> Packages - pfSense bugtracker <https://redmine.pfsense.org/issues/14390>