I have a constant problem with Host header forgery detection on squid doing
peek and splice.

I see this most commonly with CDN, Amazon and microsoft due to the fact
there TTL is only 5 seconds on certain dns entries im connecting to.  So
when my client connects through my squid i get host header issues due to
the contstant dns changes at these destinations.

I have ready many things online but how do i get around this.  I basically
want to allow certain domains or ip subnets to not hit the host header
error (as things break at this point for me ).

Any ideas ?

One example is


Yes my client and Squid use same DNS server, i have even setup my squid as
a bind server and tried that just for fun same issue.  Fact is the DNS at
these places changes so fast (5 seconds) the dns response keeps changing/

I just need these approved destinations to make it through
squid-users mailing list

Reply via email to