Advertisement
punces

squid_forgery.patch

Nov 16th, 2016
761
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.98 KB | None | 0 0
  1. --- src/client_side_request.cc 2014-03-09 06:40:56.000000000 -0300
  2. +++ src/client_side_request.cc 2014-04-21 02:53:11.277155130 -0300
  3. @@ -545,6 +545,16 @@
  4. }
  5. debugs(85, 3, HERE << "validate IP " << clientConn->local << " non-match from Host: IP " << ia->in_addrs[i]);
  6. }
  7. +
  8. + if (true) {
  9. + unsigned short port = clientConn->local.port();
  10. + debugs(85, 3, HERE << "[anti-forgery] Host-non-matched remote IP (" << clientConn->local << ") was replaced with the first Host resolved IP (" << ia->in_addrs[0] << ":" << clientConn->local.port() << ")");
  11. + clientConn->local = ia->in_addrs[0];
  12. + clientConn->local.port(port);
  13. + http->request->flags.hostVerified = true;
  14. + http->doCallouts();
  15. + return;
  16. + }
  17. }
  18. debugs(85, 3, HERE << "FAIL: validate IP " << clientConn->local << " possible from Host:");
  19. hostHeaderVerifyFailed("local IP", "any domain IP");
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement