[squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9
Dan Charlesworth
dan at getbusi.com
Thu Oct 22 10:06:04 UTC 2015
Ah-ha. Thanks for digging into that a bit Amos.
In my case 8.8.8.8 is the tertiary server, so I’m surprised it’s being used at all. Could be a local DNS server is forwarding to it, though.
I’ll remove that from the equation tomorrow and see how it fares.
Cheers
> On 22 Oct 2015, at 8:58 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
> On 21/10/2015 4:53 p.m., Dan Charlesworth wrote:
>> I’m getting these very frequently for api.github.com and github.com
>>
>> I’m using the same DNS servers as my intercepting squid 3.5.10 proxy and they only return the one IP when I do an nslookup as well …
>>
>> Any updates from your end, Roel?
>
>
> I just did a quick test of api.github.com and what I'm seeing is only
> one IP at a time being delivered. BUT that IP is showing signs of being
> a geo-DNS based result and also has a 60 second TTL.
>
> So ... when using the Google "free" DNS service it changes IP number
> almost every second. Based on which of the Google servers you happen to
> be working through with that particular request.
>
> You can watch it cycling if you like:
> watch dig A api.github.com @8.8.8.8
>
>
> You could run a local bind server and redirect UDP port 53 requests from
> clients to it so they stop using 8.8.8.8 etc and start using a DNS like
> it's supposed to work.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
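
Added example, not part of either message in this thread: a small shell check for the condition discussed above, where clients and the intercepting proxy get different A records for the same name. Squid's forgery check compares the address the client connected to with the addresses Squid itself resolves for the Host header, so any address only the client-side resolver returned is one Squid cannot verify. The function names are hypothetical and the sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example: compare the A records handed out by the resolver the clients
# use with those handed out by the resolver the proxy uses.

# sample_resolver NAME RESOLVER COUNT
# Live collection: one query per second, prints one IPv4 address per line.
sample_resolver() {
    i=0
    while [ "$i" -lt "$3" ]; do
        dig +short A "$1" "@$2" | grep -E '^[0-9]+(\.[0-9]+){3}$'
        i=$((i + 1))
        sleep 1
    done
}

# distinct_answers: stdin = sampled lines, stdout = sorted unique IPv4 set.
# Non-address lines (for example CNAME targets from dig +short) are dropped.
distinct_answers() {
    grep -E '^[0-9]+(\.[0-9]+){3}$' | LC_ALL=C sort -u
}

# unverifiable CLIENT_SAMPLES PROXY_SAMPLES
# Prints addresses a client could connect to that the proxy-side resolver
# never returned, i.e. connections the Host header check would flag.
unverifiable() {
    c=$(mktemp)
    p=$(mktemp)
    printf '%s\n' "$1" | distinct_answers > "$c"
    printf '%s\n' "$2" | distinct_answers > "$p"
    LC_ALL=C comm -23 "$c" "$p"
    rm -f "$c" "$p"
}

# Constructed samples: the client-side resolver rotates between three
# addresses, the proxy-side resolver keeps returning one.
CLIENT_SAMPLES='192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.10'
PROXY_SAMPLES='192.0.2.10
192.0.2.10'

unverifiable "$CLIENT_SAMPLES" "$PROXY_SAMPLES"
```

For live data, fill the two variables from `sample_resolver`, run once on a client and once on the proxy host. An empty result means every address the clients saw was also seen by the proxy's resolver during the sampling window.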