DOC_END
+NAME: host_verify_strict
+TYPE: onoff
+DEFAULT: off
+LOC: Config.onoff.hostStrictVerify
+DOC_START
+ By default Squid performs Host vs IP this validation on intercept
+ and tproxy traffic.
+
+ This option enables additional strict validation comparisons on
+ forward-proxy and reverse-proxy traffic passing through Squid.
+
+ These additional texts involve textual domain comparison of the
+ authority form URL found in the request-URL and Host: header. To
+ ensure that the client sends a consistent Host header for the
+ destination server with the URL.
+DOC_END
+
NAME: client_dst_passthru
TYPE: onoff
DEFAULT: on
// verify the destination DNS is one of the Host: headers IPs
ipcache_nbgethostbyname(host, hostHeaderIpVerifyWrapper, this);
}
+ } else if (Config.onoff.hostStrictVerify) {
+ debugs(85, 3, HERE << "validate skipped.");
+ http->doCallouts();
} else if (strlen(host) != strlen(http->request->GetHost())) {
// Verify forward-proxy requested URL domain matches the Host: header
debugs(85, 3, HERE << "FAIL on validate URL domain length " << http->request->GetHost() << " matches Host: " << host);
projects / thirdparty / squid.git / commitdiff
