
host_verify_strict is not working as expected


Hi All

I am using Squid version 4.9. I set host_verify_strict to on. As per the documentation at http://www.squid-cache.org/Doc/config/host_verify_strict, the request should fail if the Host header is different from the URI.

I used this request and Squid allowed the request, though as per the documentation it should have returned 409. Can someone help? Logs are below.

curl -vvx 127.0.0.1:8080 -H "Host: https://route53.amazonaws.com" https://ec2.amazonaws.com

* About to connect() to proxy 127.0.0.1 port 8080 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
* Establish HTTP proxy tunnel to ec2.amazonaws.com:443
> CONNECT ec2.amazonaws.com:443 HTTP/1.1
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
> Host: https://route53.amazonaws.com
> 
< HTTP/1.1 200 Connection established
< 
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=ec2.us-east-1.amazonaws.com
* start date: Jan 08 00:00:00 2021 GMT
* expire date: Jan 07 23:59:59 2022 GMT
* common name: ec2.us-east-1.amazonaws.com
* issuer: CN=Amazon,OU=Server CA 1B,O=Amazon,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Accept: */*
> Host: https://route53.amazonaws.com
> 
< HTTP/1.1 400 Bad Request
< Transfer-Encoding: chunked
< Date: Mon, 02 Aug 2021 06:07:25 GMT
< Connection: close
< Server: AmazonEC2


Thanks

Sachin

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
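
The comparison that the question expects from a strict Host check, sketched in Python as an added example (not part of the original post, and not Squid's code): parse the authority in the request-target and the Host header, then compare them. The function names, the three result labels and the port-defaulting rule are assumptions; the sample requests are constructed from the curl trace above.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def split_authority(value, default_port):
    """Parse 'host[:port]'; raise ValueError for anything else (scheme, path, userinfo)."""
    if not value or any(c in value for c in "/@ \t"):
        raise ValueError(f"not a host[:port] value: {value!r}")
    parts = urlsplit("//" + value)          # handles IPv6 literals; .port validates digits
    if not parts.hostname:
        raise ValueError(f"no host in {value!r}")
    return parts.hostname.lower().rstrip("."), parts.port or default_port

def target_authority(method, target):
    """Return (host, port) named by the request-target of a proxy request."""
    if method.upper() == "CONNECT":         # authority-form, e.g. ec2.amazonaws.com:443
        return split_authority(target, 443)
    parts = urlsplit(target)                # absolute-form, e.g. http://host/path
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"unsupported request-target: {target!r}")
    return parts.hostname.lower().rstrip("."), parts.port or DEFAULT_PORTS[scheme]

def check_host(raw_request):
    """Classify one request head as 'match', 'mismatch' or 'invalid-host'."""
    lines = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    hosts = [v.strip() for n, sep, v in (l.partition(":") for l in lines[1:])
             if sep and n.strip().lower() == "host"]
    if len(hosts) != 1:                     # missing or duplicated Host header
        return "invalid-host"
    want = target_authority(method, target)
    try:
        # Assumption: a Host value without a port is compared on host name only.
        got = split_authority(hosts[0], want[1])
    except ValueError:
        return "invalid-host"
    return "match" if got == want else "mismatch"

def sample(request_line, host):             # constructed sample request head
    return f"{request_line} HTTP/1.1\r\nUser-Agent: curl/7.29.0\r\nHost: {host}\r\n\r\n"

SAMPLES = {
    "as sent in the post": sample("CONNECT ec2.amazonaws.com:443", "https://route53.amazonaws.com"),
    "bare mismatching host": sample("CONNECT ec2.amazonaws.com:443", "route53.amazonaws.com"),
    "matching host": sample("CONNECT ec2.amazonaws.com:443", "ec2.amazonaws.com:443"),
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label}: {check_host(request)}")
```

The Host value from the post carries a scheme, so this sketch reports it as `invalid-host` rather than `mismatch`; the second sample shows the same pair of names with a well-formed Host value.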
