On 3/4/22 03:25, YFone Ling wrote:
I am here just try to understand how the squid determines host conflicts
for a simple http connect proxy request?
The complete answer to your question is large/complicated and
Squid-version dependent, but, AFAICT, there are no conflicts in the
simple CONNECT request you have shared. Either the Squid in question is
buggy or something else is going on (that is not visible in the output
you have shared).
Are you absolutely sure the CONNECT request looks exactly like the one
you have copy-pasted? How do you observe that CONNECT request?
Can you reproduce this exact problem using, say, "nc" or "telnet" as a
proxy client (no TLS)?
Normally, proxies that accept CONNECT requests do not listen on or
intercept port 80. Normally, CONNECT requests do not target port 80
either. Are you sure you are supposed to send a CONNECT request to port
80 and target an origin server port 80?
What do the WiFi providers tell you when you complain to _them_? Can
they get you in touch with the technical people responsible for their
Squids?
Alex.
On Thu, Mar 3, 2022 at 6:28 PM Eliezer Croitoru <ngtech1...@gmail.com
<mailto:ngtech1...@gmail.com>> wrote:
I am not sure if it’s for Squid-dev but anyway to clear out the
doubts I would suggest attaching the squid.conf
and remember to remove any sensitive data.____
__ __
Eliezer____
__ __
----____
Eliezer Croitoru____
NgTech, Tech Support____
Mobile: +972-5-28704261____
Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com>____
__ __
*From:* squid-dev <squid-dev-boun...@lists.squid-cache.org
<mailto:squid-dev-boun...@lists.squid-cache.org>> *On Behalf Of
*YFone Ling
*Sent:* Thursday, March 3, 2022 22:55
*To:* squid-dev@lists.squid-cache.org
<mailto:squid-dev@lists.squid-cache.org>
*Subject:* [squid-dev] ERR_CONFLICT_HOST for HTTP CONNECT request on
port 80____
__ __
My application sends HTTP CONNECT requests to a HTTP proxy port 80,
but gets a squid ERR_CONFLICT_HOST error page.____
__ __
Is the following code really working as the comments pointed out
"ignore them" since the following if condition is
"http->request->method != Http::METHOD_CONNECT"____
and the rest has been blocked by error page
"repContext->setReplyToError(ERR_CONFLICT_HOST, Http::scConflict,"?____
__ __
Does "ignore them" mean block them? ____
void____
ClientRequestContext::hostHeaderVerifyFailed(const char *A, const
char *B)____
{____
// IP address validation for Host: failed. Admin wants to ignore
them.____
// NP: we do not yet handle CONNECT tunnels well, so ignore for them____
if (!Config.onoff.hostStrictVerify && http->request->method !=
Http::METHOD_CONNECT) {____
debugs(85, 3, "SECURITY ALERT: Host header forgery detected on " <<
http->getConn()->clientConnection <<____
"(" << A << "does not match " << B << ") on URL: " <<
http->request->effectiveRequestUri());____
__ __
__ __
How does the squid get "hostHeaderVerifyFailed" for a normal HTTP
CONNECT request to a HTTP Proxy as simple as below?____
__ __
CONNECT www.zscaler.com:80 <http://www.zscaler.com:80> HTTP/1.1____
Host: www.zscaler.com:80 <http://www.zscaler.com:80>____
User-Agent: Windows Microsoft Windows 10 Enterprise ZTunnel/1.0____
Proxy-Connection: keep-alive____
Connection: keep-alive____
__ __
HTTP/1.1 409 Conflict____
Server: squid____
Mime-Version: 1.0____
Date: Tue, 22 Feb 2022 20:59:42 GMT____
Content-Type: text/html;charset=utf-8____
Content-Length: 2072____
X-Squid-Error: ERR_CONFLICT_HOST 0____
Vary: Accept-Language____
Content-Language: en____
X-Cache: MISS from 3____
Via: 1.1 3 (squid)____
Connection: keep-alive____
__ __
</head><body id=ERR_CONFLICT_HOST>____
<div id="titles">____
<h1>ERROR</h1>____
<h2>The requested URL could not be retrieved</h2>____
</div>____
<hr>____
__ __
<div id="content">____
<p>The following error was encountered while trying to retrieve
the URL: <a href="www.zscaler.com:80
<http://www.zscaler.com:80>">www.zscaler.com:80
<http://www.zscaler.com:80></a></p>____
......____
__ __
__ __
__ __
Thank you for any help on the understanding!____
__ __
Paul Ling____
_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
