Juha Luoma wrote:
> Hi,
>
> Squid rewrites the host header as follows:
>
> GET http://194.137.237.63/uutiset/ HTTP/1.1\r\n
> Host: www.hs.fi\r\n
>
> ->
>
> GET /uutiset/ HTTP/1.0\r\n
> Host: 194.137.237.63\r\n
>
> Why is that?
Because a mismatch between the Host: header and the real destination wanted is how
security attacks happen:
http://cwe.mitre.org/data/definitions/352.html
This particular re-write is part of the security protection in Squid
surrounding the ongoing issue of domain forgery:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0801
The client software sending those requests needs to be fixed. _Urgently_.
> How to pass on the original Host header in this case?
Make the client software write the URL correctly containing the domain
it wanted to contact.
Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
  Current Beta Squid 3.1.0.6

Received on Thu Apr 09 2009 - 07:10:56 MDT
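The check Amos describes, as an added example in Python that is not Squid's own code and is not part of the original thread: it parses a proxy-style request, reports when the Host header names a different authority than the absolute URI, rewrites the request the way the quoted before/after shows, and builds the request a correctly behaving client should have sent. The sample requests are constructed from the ones quoted in the question; emitting HTTP/1.0 on the rewritten request line simply mirrors the quoted output and is an assumption about this Squid version, not a protocol rule.

```python
"""
Added example (not Squid's code): normalise a proxy-style HTTP request so the
Host header agrees with the authority in the absolute URI, the way the quoted
Squid rewrite does. Function names and sample requests are constructed for
illustration.
"""
from urllib.parse import urlsplit

# Constructed samples, taken from the request quoted in the question (no body).
FORGED = (b"GET http://194.137.237.63/uutiset/ HTTP/1.1\r\n"
          b"Host: www.hs.fi\r\n\r\n")
CORRECT = (b"GET http://www.hs.fi/uutiset/ HTTP/1.1\r\n"
           b"Host: www.hs.fi\r\n\r\n")


def parse_request(raw: bytes):
    """Split a raw HTTP request head into (method, target, version, headers).

    Headers come back as ordered (name, value) pairs so the rewrite can be
    compared byte-for-byte with the quoted output.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].decode("ascii").split(" ", 2)
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.decode("latin-1").partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers


def host_mismatch(raw: bytes):
    """Return (url_host, header_host) when an absolute-URI request carries a
    Host header naming a different authority, otherwise None.

    The URL authority is the destination the proxy will actually connect to;
    a Host header that disagrees with it is the forgery condition the reply
    points at.
    """
    method, target, version, headers = parse_request(raw)
    parts = urlsplit(target)
    if not parts.scheme:
        return None  # origin-form request: there is no URL host to compare
    url_host = parts.netloc.lower()
    header_hosts = [v.lower() for n, v in headers if n.lower() == "host"]
    if not header_hosts or header_hosts[0] == url_host:
        return None
    return url_host, header_hosts[0]


def squid_style_rewrite(raw: bytes) -> bytes:
    """Rewrite an absolute-URI request to origin-form with Host taken from the
    URL, reproducing the before/after quoted in the question.

    HTTP/1.0 on the request line mirrors the quoted output (assumption about
    this Squid version, not a requirement of the technique).
    """
    method, target, version, headers = parse_request(raw)
    parts = urlsplit(target)
    if not parts.scheme:
        return raw
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    # Drop any client-supplied Host and put the URL authority first.
    new_headers = [(n, v) for n, v in headers if n.lower() != "host"]
    new_headers.insert(0, ("Host", parts.netloc))
    out = f"{method} {path} HTTP/1.0\r\n"
    out += "".join(f"{n}: {v}\r\n" for n, v in new_headers)
    return (out + "\r\n").encode("latin-1")


def build_proxy_request(url: str, method: str = "GET") -> bytes:
    """What a correctly behaving client sends to the proxy: absolute URI and
    Host header derived from the same authority, so they can never disagree."""
    parts = urlsplit(url)
    return f"{method} {url} HTTP/1.1\r\nHost: {parts.netloc}\r\n\r\n".encode("ascii")


if __name__ == "__main__":
    print("mismatch:", host_mismatch(FORGED))
    print(squid_style_rewrite(FORGED).decode("latin-1"))
    print(build_proxy_request("http://www.hs.fi/uutiset/").decode("ascii"))
```

Running it on the quoted request reports the 194.137.237.63 / www.hs.fi mismatch and produces exactly the rewritten request from the question; the correctly built client request passes the check unchanged, which is the fix the reply asks for on the client side.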
This archive was generated by hypermail 2.2.0 : Thu Apr 09 2009 - 12:00:02 MDT