www/squid3: avoid forgery check; closes #66
Taken from: CentOS, NethServer
This commit is contained in:
parent
355e71e822
commit
546b7530ed
|
@ -150,6 +150,11 @@ GSSAPI_MIT_USES= gssapi:mit
|
|||
GSSAPI_MIT_CONFIGURE_ON= --with-mit-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
|
||||
GSSAPI_MIT_PLIST_SUB= AUTH_KERB=""
|
||||
|
||||
# OPNsense addition
|
||||
OPTIONS_DEFINE+= NO_FORGERY
|
||||
NO_FORGERY_DESC= Disable Host-Header-Forgery check in transparent SSL
|
||||
NO_FORGERY_EXTRA_PATCHES+= ${FILESDIR}/extra-patch-host-header-forgery
|
||||
|
||||
# TODO:
|
||||
# add an option for external_acl/session (requires some kind of external
|
||||
# Berkeley DB support, unsure which one)
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
--- src/client_side_request.cc.orig 2019-02-12 13:27:33 UTC
|
||||
+++ src/client_side_request.cc
|
||||
@@ -530,6 +530,9 @@ ClientRequestContext::hostHeaderIpVerify
|
||||
}
|
||||
debugs(85, 3, HERE << "validate IP " << clientConn->local << " non-match from Host: IP " << ia->in_addrs[i]);
|
||||
}
|
||||
+ http->request->flags.hostVerified = true;
|
||||
+ http->doCallouts();
|
||||
+ return;
|
||||
}
|
||||
debugs(85, 3, HERE << "FAIL: validate IP " << clientConn->local << " possible from Host:");
|
||||
hostHeaderVerifyFailed("local IP", "any domain IP");
|
Loading…
Reference in New Issue