I am not sure if it’s for Squid-dev but anyway to clear out the doubts I would suggest attaching the squid.conf and remember to remove any sensitive data.
Eliezer ---- Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com> From: squid-dev <squid-dev-boun...@lists.squid-cache.org> On Behalf Of YFone Ling Sent: Thursday, March 3, 2022 22:55 To: squid-dev@lists.squid-cache.org Subject: [squid-dev] ERR_CONFLICT_HOST for HTTP CONNECT request on port 80 My application sends HTTP CONNECT requests to a HTTP proxy port 80, but gets a squid ERR_CONFLICT_HOST error page. Is the following code really working as the comments pointed out "ignore them" since the following if condition is "http->request->method != Http::METHOD_CONNECT" and the rest has been blocked by error page "repContext->setReplyToError(ERR_CONFLICT_HOST, Http::scConflict,"? Does "ignore them" mean block them? void ClientRequestContext::hostHeaderVerifyFailed(const char *A, const char *B) { // IP address validation for Host: failed. Admin wants to ignore them. // NP: we do not yet handle CONNECT tunnels well, so ignore for them if (!Config.onoff.hostStrictVerify && http->request->method != Http::METHOD_CONNECT) { debugs(85, 3, "SECURITY ALERT: Host header forgery detected on " << http->getConn()->clientConnection << " (" << A << " does not match " << B << ") on URL: " << http->request->effectiveRequestUri()); How does the squid get "hostHeaderVerifyFailed" for a normal HTTP CONNECT request to a HTTP Proxy as simple as below? CONNECT www.zscaler.com:80 <http://www.zscaler.com:80> HTTP/1.1 Host: www.zscaler.com:80 <http://www.zscaler.com:80> User-Agent: Windows Microsoft Windows 10 Enterprise ZTunnel/1.0 Proxy-Connection: keep-alive Connection: keep-alive HTTP/1.1 409 Conflict Server: squid Mime-Version: 1.0 Date: Tue, 22 Feb 2022 20:59:42 GMT Content-Type: text/html;charset=utf-8 Content-Length: 2072 X-Squid-Error: ERR_CONFLICT_HOST 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from 3 Via: 1.1 3 (squid) Connection: keep-alive </head><body id=ERR_CONFLICT_HOST> <div id="titles"> <h1>ERROR</h1> <h2>The requested URL could not be retrieved</h2> </div> <hr> <div id="content"> <p>The following error was encountered while trying to retrieve the URL: <a href="www.zscaler.com:80 <http://www.zscaler.com:80> ">www.zscaler.com:80 <http://www.zscaler.com:80> </a></p> ...... Thank you for any help on the understanding! Paul Ling
_______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
