400 is returned by the destination server, not squid. Squid did not perform any validation on the host header. As per http://www.squid-cache.org/Doc/config/host_verify_strict, it should have done that and failure should have been returned by squid.
Regards
Sachin
On Tue, Aug 3, 2021 at 7:11 AM Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 2/08/21 6:12 pm, Sachin Gupta wrote:
> Hi All
>
> I am using squid version 4.9. I did set host_verify_strict to on. As per
> documentation in link
> https://urldefense.com/v3/__http://www.squid-cache.org/Doc/config/host_verify_strict__;!!DCbAVzZNrAf4!Vapjg86Hjy8hbBI_mXJ-JQZ1thI84Svu6LIsVzY4dGeRPgG-Oqhf8suS82ytxtcdjVru$
> <https://urldefense.com/v3/__http://www.squid-cache.org/Doc/config/host_verify_strict__;!!DCbAVzZNrAf4!Vapjg86Hjy8hbBI_mXJ-JQZ1thI84Svu6LIsVzY4dGeRPgG-Oqhf8suS82ytxtcdjVru$ > The request
> should fail if host header is different than uri.
>
> I used this request and squid allowed the request though as per
> documentaion, it should have returned 409. Can someone help. Logs are below.
>
The reason you are getting 400 is that "https://..." is not a valid
syntax for Host header. Syntax checks come first, before value checks.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://urldefense.com/v3/__http://lists.squid-cache.org/listinfo/squid-users__;!!DCbAVzZNrAf4!Vapjg86Hjy8hbBI_mXJ-JQZ1thI84Svu6LIsVzY4dGeRPgG-Oqhf8suS82ytxqPemPUE$
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
