Re: [squid-users] Squid and HTTP Host value from Henrik Nordstrom on 2008-07-03 (squid-users)

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Fri, 04 Jul 2008 01:27:31 +0200

On tor, 2008-07-03 at 22:29 +0100, Julian Gilbert wrote:
> I am trying to configure squid 2.5 and looking for some assistance. When I
> make client request to squid in the form:
>
> GET http://66.102.9.147/
> HOST www.google.co.uk

That's a request for http://66.102.9.147/. The Host header in there MUST
be ignored.

> the squid proxy makes the following request to the web server:
>
> GET /
> HOST 66.102.9.147

Which is correct.

> How do I configure squid not to overwire the host value? The request from
> squid should be sent as:
>
> GET /
> HOST www.google.co.uk

Make sure to request that from start.

Not updating the Host header to match the request is a major security
hazard.

Regards
Henrik

application/pgp-signature attachment: This is a digitally signed message part

Received on Thu Jul 03 2008 - 23:27:41 MDT

This archive was generated by hypermail 2.2.0 : Fri Jul 04 2008 - 12:00:02 MDT