http://www.squid-cache.org/Versions/v4/cfgman/host_verify_strict.html
looks like squid did handle this already.
On Sat, Jul 21, 2018 at 4:10 PM Gordon Hsiao <capcoding@xxxxxxxxx> wrote:
I just read "RFC 2616 compliant proxy will rewrite the Host header making it impossible to do domain fronting over HTTP or where SSL/TLS interception is taking place", also checked RFC 2616 page at squid site, it is unclear to me that if squid can enforce host-header consistence with SNI to avoid domain fronting whenever needed? or this should be done by c-icap/redirector under peek+bump mode?Gordon
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users