opensourcemirror
/
opnsense-ports
mirror of https://github.com/opnsense/ports.git
1
0
Fork 0
Code Issues Releases Wiki Activity

www/squid3: avoid forgery check; closes #66 

Taken from: CentOS, NethServer
This commit is contained in:
Franco Fichtner 2019-02-12 14:46:25 +01:00
parent 355e71e822
commit 546b7530ed
2 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
www/squid3/Makefile
View File

@ -150,6 +150,11 @@ GSSAPI_MIT_USES= gssapi:mit
GSSAPI_MIT_CONFIGURE_ON= --with-mit-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
GSSAPI_MIT_PLIST_SUB= AUTH_KERB=""
# OPNsense addition
OPTIONS_DEFINE+= NO_FORGERY
NO_FORGERY_DESC= Disable Host-Header-Forgery check in transparent SSL
NO_FORGERY_EXTRA_PATCHES+= ${FILESDIR}/extra-patch-host-header-forgery
# TODO:
# add an option for external_acl/session (requires some kind of external
# Berkeley DB support, unsure which one)

12
www/squid3/files/extra-patch-host-header-forgery Normal file
View File

@ -0,0 +1,12 @@
--- src/client_side_request.cc.orig 2019-02-12 13:27:33 UTC
+++ src/client_side_request.cc
@@ -530,6 +530,9 @@ ClientRequestContext::hostHeaderIpVerify
}
debugs(85, 3, HERE << "validate IP " << clientConn->local << " non-match from Host: IP " << ia->in_addrs[i]);
}
+ http->request->flags.hostVerified = true;
+ http->doCallouts();
+ return;
}
debugs(85, 3, HERE << "FAIL: validate IP " << clientConn->local << " possible from Host:");
hostHeaderVerifyFailed("local IP", "any domain IP");