[squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9
dan at getbusi.com
Thu Oct 22 10:06:04 UTC 2015
Ah-ha. Thanks for digging into that a bit Amos.
In my case 220.127.116.11 is the tertiary server, so I’m surprised it’s being used at all. Could be a local DNS server is forwarding to it, though.
I’ll remove that from the equation tomorrow and see how it fares.
> On 22 Oct 2015, at 8:58 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 21/10/2015 4:53 p.m., Dan Charlesworth wrote:
>> I’m getting these very frequently for api.github.com and github.com
>> I’m using the same DNS servers as my intercepting squid 3.5.10 proxy and they only return the one IP when I do an nslookup as well …
>> Any updates from your end, Roel?
> I just did a quick test of api.github.com and what I'm seeing is only
> one IP at a time being delivered. BUT that IP is showing signs of being
> geo-DNS based result and also has a 60 second TTL.
> So ... when using the Google "free" DNS service it changes IP number
> almost every second. Based on which of the Google servers you happen to
> be working through with that particular request.
> You can watch it cycling if you like:
> watch dig A api.github.com @18.104.22.168
> You could run a local bind server and redirect UDP port 53 requests from
> clients to it so they stop using 22.214.171.124 etc and start using a DNS like
> its supposed to work.
> squid-users mailing list
> squid-users at lists.squid-cache.org
More information about the squid-users